Re: preferring --check-sigs over --list-sigs

2017-09-28 Thread Werner Koch
On Wed, 27 Sep 2017 20:24, d...@fifthhorseman.net said: > I've noted this as https://dev.gnupg.org/T3430 Thanks. My fix is --check-signatures --check-sigs Same as --list-keys, but the key signatures are verified and listed too. Note that for performance reasons the

Re: Houston, we have a problem

2017-09-26 Thread Werner Koch
On Tue, 26 Sep 2017 13:07, andr...@andrewg.com said: > The gpg command itself should cryptographically verify signatures when > performing --list-sigs, so that at least it can throw a warning when an Actually --list-sigs is more of a debug command than a command users should use to verify a key.

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-25 Thread Werner Koch
On Sun, 24 Sep 2017 19:55, g...@unixarea.de said: > I will look for some slot next week. I will have to send it to you as I > don't see a way to create an account in the blog... Ack. The accounts on that box are only for regular gnupg committers. Shalom-Salam, Werner -- Die Gedanken sind

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Werner Koch
On Sun, 24 Sep 2017 10:59, g...@unixarea.de said: > I would be happy to write something in this blog, but I never wrote > something in 'org-mode' format, any pointer to some guide? I'm attaching If you are on Emacs it is already included and part of Emacs help system. Its website is

Re: GnuPG-card works in the Ubuntu smartphone

2017-09-24 Thread Werner Koch
On Sat, 23 Sep 2017 10:47, g...@unixarea.de said: > I have the GnuPG-card working in the Ubuntu smartphone BQ E4.5, details > here: https://forums.ubports.com/topic/554/support-for-gnupg-smartcard/3 Cool. > I could post a small how-to to some place because due to the nature of Would you like to

Re: gpg 2.1.19 fails to generate key pair

2017-09-23 Thread Werner Koch
On Fri, 22 Sep 2017 20:48, g...@unixarea.de said: > Ok. I will update to the most recent version. Btw: libcrypt is 1.7.0. Please update to 1.7.9 - Libgcrypt is the most likely cause for a bus error. > Linux ubuntu-phablet 3.4.67 #1 SMP PREEMPT Mon Jun 6 12:04:40 UTC 2016 > b75400e armv7l

Re: Houston, we have a problem

2017-09-22 Thread Werner Koch
On Fri, 22 Sep 2017 19:23, stefan.cl...@posteo.de said: > O.k. i just tested a bit and this is a bug in the Web Interface and in > GnuPG's CLI Interface. I don't see a bug here. However, given that you use Posteo, you are in the good position to use the Web Key Directory feature. This

Re: gpg 2.1.19 fails to generate key pair

2017-09-22 Thread Werner Koch
On Fri, 22 Sep 2017 17:24, g...@unixarea.de said: > I instructed via gpg-agent.conf the gpg-agent to do a debug log which > follows. The proc gpg-agent crashes with SIG_BUS. That is why you see an EOF error from gpg. We did a few more releases after 2.1.19, which was released on March 1. Not

Re: Automating and integrating GPG

2017-09-21 Thread Werner Koch
On Thu, 21 Sep 2017 11:03, aheinl...@gmx.com said: > Interesting. I haven't found anything smartcard related in the GPGME > docs. I am really not good at C, but I took a look at the sources of Yes, it is a generic interface to make a core libassuan function (which is already used by gpgme)

[Announce] GnuPG 2.2.1 released

2017-09-19 Thread Werner Koch
ities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0

Re: using --keyserver but still getting gpg: no keyserver known (use option --keyserver)

2017-09-19 Thread Werner Koch
On Mon, 18 Sep 2017 23:37, d...@fifthhorseman.net said: > modern versions of gpg should default to the hkps pool, and shouldn't > need any explicit configuration. Right, and it is also more future proof to use the keyserver option in dirmngr.conf instead of gpg.conf. But as you say, no

Re: Signing data with user specified Key

2017-09-14 Thread Werner Koch
On Thu, 14 Sep 2017 14:26, sandhya.sha...@morpho.com said: > I am using GPG4Win and have to sign data with a specified key through > my code in C++. But I didn't find much help on how to specify key for > signing data in GPG You need to put the signer into the context. See this section in the

Re: Unable to sign or decrypt with card

2017-09-10 Thread Werner Koch
On Sat, 9 Sep 2017 14:54, philip.jack...@nordnet.fr said: > Suggestions as to how to check and correct this situation would be > appreciated. Newer versions of gpg should print a better error message; at least with -v. I guess that your pinentry is not installed or can't be used. Do you have

Re: "Insecure memory" (yes setuid set) and "get_passphrase failed"

2017-09-05 Thread Werner Koch
On Tue, 5 Sep 2017 02:45, marioxcc...@yandex.com said: > Are you sure that this is required in Solaris? At least in Debian > GNU/Linux there is no need to setuid the gpg binary to root. Root setuid > programs are a security problem. If an attacker can get control of this > program, he can

Financial Results 2016

2017-09-04 Thread Werner Koch
From the /Common capital stock/ of 25000 Euro 50% are held by Walter Koch and 50% by Werner Koch, the owners of g10^code. The /Net profit/ gained in 2015 is added to /Profit carried forward/. The /Accounts payable other/ is my profit sharing bonus of 24739 and VAT payable for the last q

[Announce] GnuPG 2.2.0 released

2017-08-28 Thread Werner Koch
oaded GnuPG version has not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expire

Re: benchmarking security tokens speed

2017-08-28 Thread Werner Koch
On Sat, 26 Aug 2017 00:35, l...@anarc.at said: > I'm in the process of reviewing performance of various security tokens > (the Yubikeys, the FST-01, Nitrokey), and I am getting somewhat Thanks for the numbers. However, the numbers for Nitrokey are missing. Shall I send you a "standard"

Re: --export-options export-reset-subkey-passwd

2017-08-24 Thread Werner Koch
On Sun, 13 Aug 2017 08:17, dani...@grinta.net said: > Digging a bit more, it seems that the functionality got dropped because > with GnuPG 2.x all key manipulations go through gpg-agent and it does > not (yet?) support password reset on expert. Unfortunately this is still an open bug:

Re: [Announce] GnuPG 2.1.23 released

2017-08-10 Thread Werner Koch
On Thu, 10 Aug 2017 10:25, ine...@gnu.org said: > I submitted a Russian update on 2017-08-05 to gnupg-i...@gnupg.org, > but it looks like it was ignored; did I do anything wrong? My fault sorry. I should really merge my translations@ and gnupg-i18n@ folders to have only one place to check.

Re: System-wide gnupg.conf?

2017-08-10 Thread Werner Koch
On Wed, 9 Aug 2017 20:07, aheinl...@gmx.com said: > after reading today's announcement of GnuPG 2.1.23, I had the idea of > having a system-wide /etc/gnupg.conf, to disable the new > auto-key-retrieve etc. User's gnupg.conf should still be used and > override the same options in the system-wide

[Announce] GnuPG 2.1.23 released

2017-08-09 Thread Werner Koch
red by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406

Re: (pre)cache password rather than use allow-loopback-pinentry

2017-08-08 Thread Werner Koch
On Sat, 29 Jul 2017 20:24, di...@webweaving.org said: > Lovely. Is there any way one can suppress the fingerprint of the primary key > (as when doing line oriented things; both the ’sec’ and ’ssb’ line are > followed by structurally identical ‘fpr’ lines)? No. You should use a simple state

Re: gpgsm, keygrip

2017-08-08 Thread Werner Koch
On Sun, 30 Jul 2017 14:52, di...@webweaving.org said: > Replying to my own question — the man page of gpg-preset-passphrase > should perhaps suggest to use ‘gpg --with-keygrip ..’ or ‘gpg --with-colons ..’. Thanks for the suggestion. However there is a bug in gpgsm which does not print the

Re: AW: Extraction of decryption session key without copying complete encrypted file

2017-08-07 Thread Werner Koch
On Fri, 4 Aug 2017 14:36, roman.fied...@ait.ac.at said: > Ah, that's great - and actually the first nice gpg-agent feature apart from > gpg-agent being little annoying when running it on RAM-disks in early boot. (And the ssh-agent support, which is one of the most useful features I have on my

Re: Extraction of decryption session key without copying complete encrypted file

2017-08-04 Thread Werner Koch
On Wed, 2 Aug 2017 15:52, roman.fied...@ait.ac.at said: > How to decrypt large files, e.g. gpg-encrypted backups, without copying them > to the machine with the GPG private key? With GnuPG 2.1 this is easy: You use ssh's socket forwarding feature to forward gpg-agent's restricted remote

Re: GPG Decryption Issue

2017-08-04 Thread Werner Koch
On Thu, 3 Aug 2017 19:24, gnupg-users@gnupg.org said: > stderr=gpg: protection algorithm 3 is not supported gpg: encrypted with Your private key is encrypted with CAST5 but you have disabled support for CAST5 in gpg or you disabled CAST5 when you built libgcrypt. > gpg (GnuPG) 2.0.14 >

Re: gnupg or gpg-agent options for parallelism and memory usage

2017-08-04 Thread Werner Koch
On Thu, 3 Aug 2017 02:35, kgallag...@cloudflare.com said: > Is anyone aware of any options or configurations which can increase the > efficiency of memory resource usage, allowing us to quickly decrypt more > things at once? Don't use too many parallel sessions. gpg's --multifile option may

Re: GPGme operations with subkeys

2017-08-02 Thread Werner Koch
On Wed, 2 Aug 2017 03:05, r...@sixdemonbag.org said: > At the command line a subkey can be specifically selected by appending > an exclamation mark to the *subkey* key ID, but I don't believe GPGME > supports this behavior. That's right. I opened a wishlist item as https://dev.gnupg.org/T3325

[Announce] GnuPG 2.1.22 released

2017-07-28 Thread Werner Koch
by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085

Re: gpgme - raw RSA operation using GPG public/private keys?

2017-07-26 Thread Werner Koch
On Wed, 26 Jul 2017 02:21, gnupg-u...@niob.at said: > One more question for this topic: Am I right that secret key export is > not really implemented, even though there is the > GPGME_EXPORT_MODE_SECRET flag to gpgme_op_export_keys()? No, it is implemented. You may use the run-export test

Re: gpg-agent cache keygrip

2017-07-26 Thread Werner Koch
On Tue, 25 Jul 2017 22:30, mar...@gmx.com said: > I've been trying to understand gpg-agent cache behavior in the presence > of two distinct keys with the same passphrase. Namely, why is that it > only asks for the passphrase once, regardless of the key being used? There is a kludge in gpg and

Re: Key corruption: duplicate signatures and usage flags

2017-07-25 Thread Werner Koch
On Fri, 23 Jun 2017 10:02, madd...@madduck.net said: > Are you saying that gnupg 2.1.18 added the self-signature in the > wrong place? There is no right or wrong place. gpg uses the latest valid self-signature according to the timestamp in the self-signature. Use --with-colons to see the full

Re: Operation not supported by device

2017-07-25 Thread Werner Koch
On Mon, 24 Jul 2017 16:27, stefan.cl...@posteo.de said: > macOS, i get the following message: Please do gpg --version gpg -v --clearsign loremipsum.txt and show us the full output. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: (pre)cache password rather than use allow-loopback-pinentry

2017-07-21 Thread Werner Koch
On Fri, 21 Jul 2017 10:05, di...@webweaving.org said: > Thanks - that is a nice treasure trove you unearthed for me. Thanks ! Some examples are given at https://gnupg.org/faq/whats-new-in-2.1.html#quickgen > Ok - I’ll need to investigate as to why this does work for our setting (auto >

Re: gpg-agent/pinentry: How to verify calling application

2017-07-19 Thread Werner Koch
On Wed, 19 Jul 2017 00:10, knaac...@gmx.de said: > me2486 0.0 0.0 34028 3940 ?SL 21:46 0:00 gpg2 > --enable-special-filenames --batch --no-sk-comments --status-fd 11 --no-tty > --charset utf8 --enable-progress-filter --exit-on-status-write-error > --display :0 --ttyname

Re: How to NOT gnutar files during encryption?

2017-07-19 Thread Werner Koch
On Tue, 18 Jul 2017 23:30, g...@mdsresource.net said: > Further investigation reveals that Kleopatra is gnuTARring the ZIP file > prior to encryption. That should only happen when you select multiple files or a directory. This invokes the pgp-zip method of encrypting multiple files. Despite the

Re: A Quick Supplement

2017-07-19 Thread Werner Koch
On Tue, 18 Jul 2017 22:49, r...@sixdemonbag.org said: > random_seed is internal data belonging to the PRNG. That is right. However we always add at least 128 bit of fresh random which would be enough - at least on all systems with /dev/random or on Windows. It is just that we are

[Announce] Libgcrypt 1.8.0 released

2017-07-18 Thread Werner Koch
erm keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key

Re: gpg-agent/pinentry: How to verify calling application

2017-07-17 Thread Werner Koch
On Mon, 17 Jul 2017 00:38, knaac...@gmx.de said: > This is much better. Somehow of a problem is just, that the pinentry window > is not resizable, so the window title gets cut off. I would say, all this > information should better be put inside the window itself. Too much info for most users.

Re: gpg-agent/pinentry: How to verify calling application

2017-07-16 Thread Werner Koch
On Sun, 16 Jul 2017 09:30, d...@fifthhorseman.net said: > I don't think there's currently any plan to do anything like this, but Actually this is implemented since GnuPG 2.1.19 (Debian has 2.1.18, though) when used with a pinentry from Git after 2017-02-03. There you will see in the

Re: Don't get the pinentry for passphrase in some contexts

2017-07-13 Thread Werner Koch
On Thu, 13 Jul 2017 15:08, dam...@cassou.me said: > strace reveals the following. Does that ring a bell to anyone? "debug-pinentry" in gpg-agent.conf would give you more info. Adding also "debug ipc" will show you the communication between gpg and gpg-agent; that is what your strace shows. Use

Re: use policy of the GnuPG-card

2017-07-13 Thread Werner Koch
On Thu, 13 Jul 2017 12:49, g...@unixarea.de said: > How is this supposed to be managed? You can't do anything about it. The card protects your key against compromise - but not the use of the key. For the signing key we have a signature counter and if you can memorize the count and the number

Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-07-13 Thread Werner Koch
On Wed, 5 Jul 2017 21:39, gnupg-users@gnupg.org said: >> libgcrypt v<=? > > Probably all versions up to 1.7.7, starting from at least 1.2.0 (which > is the oldest I could find). Actually starting at 1.6.0 which introduced the sliding window method to catch up performance losses due to other

Re: Questions using GPGME

2017-07-13 Thread Werner Koch
On Thu, 6 Jul 2017 14:48, aheinl...@gmx.com said: > decrypt with cancel'ing the pinentry, one with missing private key and > one with a truncated input file. All three gave > > print str(e): Invocation of gpgme_op_decrypt_verify: GPGME: Decryption > failed This has been fixed yesterday in

Re: [Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-07-04 Thread Werner Koch
On Tue, 4 Jul 2017 12:05, joh...@vulcan.xs4all.nl said: > Is 1.4 vulnerable to this attack as well? I know it ows not use > libgcrypt but I'm not sure about the vulnerability. Maybe. And probably also to a lot of other local side channel attacks. Shalom-Salam, Werner -- Die Gedanken

Re: gnupg 2.1.16: change of option --with-fingerprint

2017-07-04 Thread Werner Koch
On Sat, 1 Jul 2017 16:46, linux_nutze...@mailbox.org said: > When I tried to import a CentOS gpg key according to the manual from [1], I > made the following observation: > > "gpg --quiet --with-fingerprint " does not return the fingerprint > when using gnupg 2.1.17 (on ArchLinux and openSuse

Re: SHA1 depreciation ??

2017-07-04 Thread Werner Koch
On Fri, 30 Jun 2017 02:33, lewis...@gmail.com said: > Do you know any time frame and significant changes of v5 specs? Next year we will prepare GnuPG to handle v5 keys read-only. I assume that we can create v5 keys by default in maybe 5 years. Shalom-Salam, Werner -- Die Gedanken sind

[Announce] Libgcrypt 1.7.8 released to fix CVE-2017-7526

2017-06-29 Thread Werner Koch
3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key

Re: Key corruption: duplicate signatures and usage flags

2017-06-23 Thread Werner Koch
On Fri, 23 Jun 2017 00:33, 2014-667rhzu3dc-lists-gro...@riseup.net said: > I didn't know you could remove a usage flag once the key was on the Those flags are tracked in self-signatures. When changing a flag a new self-signature is used. This will be uploaded to the keyserver. gpg uses the

Re: Managing the WoT with GPG

2017-06-22 Thread Werner Koch
On Thu, 22 Jun 2017 16:29, madd...@madduck.net said: > updating the trustdb on update of key material, wouldn't it make > much more sense to compute the information just-in-time? Provided For a key listing this means computing it for every listed key. And the majority of frontends first do a

Re: speedo Error 2, download swdb.lst failed

2017-06-21 Thread Werner Koch
On Wed, 21 Jun 2017 19:11, pe...@digitalbrains.com said: > I think this is because of an expired certificate for versions.gnupg.org: Sorry for this. Fixed. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: How to use a PKCS#15 with GnuPG?

2017-06-17 Thread Werner Koch
On Thu, 15 Jun 2017 14:13, ndk.cla...@gmail.com said: > authentication and signing). Both ePass2003 and MyID implement PKCS#15, > so IIUC they should be usable. gpg expects an OpenPGP card. For pkcs#15 you need to use gpgsm. As a starter do gpgsm --learn-card which imports the certificates

Re: GnuPG card && using the backup secret key

2017-06-13 Thread Werner Koch
On Mon, 12 Jun 2017 20:12, g...@unixarea.de said: > create some backup of the secret key into a file. It is totally unclear > to me how to make something useful out of this file, for example import > it into a "normal" secret keyring to use it in case of the GnuPG card To try it you best insert

Re: setting GnuPG card to 'not forces' does not let sign

2017-06-12 Thread Werner Koch
On Mon, 12 Jun 2017 12:38, g...@unixarea.de said: > Do you know of any other CCID reader for ID-000 size cards? I have a sample of the Gemalto Shell Token here. It has been around for quite some time and the kernelconcept folks that it works nicely. See

Re: setting GnuPG card to 'not forces' does not let sign

2017-06-11 Thread Werner Koch
On Fri, 9 Jun 2017 08:39, g...@unixarea.de said: > I know, this is not a GnuPG issue, but I wanted to mention it here to > ask if others has similar experiences, even on Linux or other OS, or if > it worth to get a new OMNIKEY device or even another device. You better avoid everything with an

Re: Fwd: RE: setting GnuPG card to 'not forces' does not let sign

2017-06-11 Thread Werner Koch
On Fri, 9 Jun 2017 08:23, g...@unixarea.de said: > Thanks as well for the nice hint about X-message-flag: header line. > The warning looks really nice in the crappy MS OutLook. I learned that from Jens Link whom you may know. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen

Re: changing the passphrase of the secret key stored in the GnuPG card

2017-06-11 Thread Werner Koch
On Sun, 11 Jun 2017 20:07, g...@unixarea.de said: > How could I change the passphrase I have entered while generating the > keys on the GnuPG card? I tried with no success: To change the PINs on the card you need to use gpg --card-edit At the prompt you can directly change the PIN using

Re: Key management for archives

2017-06-09 Thread Werner Koch
On Tue, 6 Jun 2017 14:39, ndk.cla...@gmail.com said: > Is it possible to "extract" the used session key, so that the requester > just ignores the asymmetric crypto and just uses the symmetric key to > decode the file? Drawbacks? Other ideas? Here is how I would do that: ( gpg --status-fd 1

Re: Fwd: RE: setting GnuPG card to 'not forces' does not let sign

2017-06-09 Thread Werner Koch
On Thu, 8 Jun 2017 12:48, g...@unixarea.de said: > Every time I write to gnupg-users@gnupg.org I get this crap from a robot > or from Sarah about dating. Can someone do anything that he/she/it is not That bot is subscribed. I enabled the moderation flag and disabled delivery. Shalom-Salam,

Re: setting GnuPG card to 'not forces' does not let sign

2017-06-09 Thread Werner Koch
> The bad PIN counter in the card is not decremented. Switching the card > back to 'forced' makes signing with PIN working again. Interesting. Did you also try to reset the card (i.e. re-insert) with non-forced set? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: How to show fingerprint in email header?

2017-06-08 Thread Werner Koch
int appended. How to configure this depends on your mailer. I do this in Gnus: --8<---cut here---start->8--- (setq gnus-posting-styles '((".*" (name "Werner Koch") (address "w...@gnupg.org" )

Re: libgcrypt

2017-06-08 Thread Werner Koch
On Wed, 7 Jun 2017 23:32, socal2...@gmail.com said: > I installed libgcrypt 1.7.7 on this machine but it reverts to the > distro installation of 1.6.6 Did you install the correct libgcrypt*-dev package (assuming you are using a pre-packaged version) and can configure find it? Enter

[Announce] GnuPG Funding Campaign Launched

2017-06-05 Thread Werner Koch
g-term stability the new campaign focuses on recurring donations and not one-time donations. Says lead developer Werner Koch: “We want to continue our work in the long term. But, we want to do so in such a way that our first loyalty is unambiguously to the general public. This means makin

Re: PGP for official documents / eIDAS and ZertES

2017-06-02 Thread Werner Koch
On Wed, 31 May 2017 19:34, ankos...@gmail.com said: > More detailed, from the three standards supported, only the last one, > XML-sig, supports PGP: https://www.w3.org/TR/xmldsig-core/#sec-PGPData That looks pretty much like a re-specification of PKCS#15 which also has provisions for PGP and

[Announce] Libgcrypt 1.7.7 released

2017-06-02 Thread Werner Koch
leases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF

Re: Unknown key type

2017-05-25 Thread Werner Koch
On Mon, 22 May 2017 18:07, timemas...@sillydog.org said: > Can someone please explain why I am getting a yellow bar on a LOT of > signed msgs saying that the key type is unknown?? Some of these mails are probably also from me. By default I sign my messages with an Ed25519 subkey which is a

[Announce] GnuPG 2.1.21 released

2017-05-15 Thread Werner Koch
es for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werne

Re: Compilation of libgcrypt 1.7.5 on cygwin 64 bit fails

2017-05-14 Thread Werner Koch
On Thu, 11 May 2017 11:26, roger@matrix.ai said: > All other dependencies of gnupg works on cygwin 64 bit, this is the > only one that fails, and thus prevents building gpg2 on Cygwin 64 bit. You will not be able to build a working GnuPG for 64 bit Windows - if that is what Cygwin 64 bit is

Re: Documentation about --list-secret-keys output

2017-04-07 Thread Werner Koch
On Thu, 6 Apr 2017 05:03, mogl...@gmx.net said: > sec# 4096R/XAB 2017-XX-XX [expires: 20XX-XX-XX] > uid My name > ssb> 2048R/XBB 2017-XX-XX > ssb> 2048R/XCB 2017-XX-XX > ssb> 2048R/XDB 2017-XX-XX The man page explains the '#' under

Re: [2.1.19] --list-secret-keys not # marking unavailable subkeys?

2017-04-07 Thread Werner Koch
Hi! On Thu, 6 Apr 2017 14:21, d...@00dani.me said: > It's very confusing, as it seems to indicate my secret keyring contains > keys that it definitely doesn't. Why the inconsistency? Can I somehow Good catch. Thanks. There is a stupid bug in the code: --8<---cut

[Announce] GnuPG 2.1.20 released

2017-04-03 Thread Werner Koch
re of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959

[Announce] GPGME 1.9.0 released

2017-03-28 Thread Werner Koch
ed by the long term keys of their respective owners. Current releases are signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [ex

Re: Parallel decrypts fail in 2.1.19

2017-03-28 Thread Werner Koch
On Mon, 27 Mar 2017 13:55, p...@jankoppe.de said: > $ LANG=C gpg2 --version > gpg (GnuPG) 2.1.19 > libgcrypt 1.7.6 Can you please run a gpg-agent --version too. That is just in case the agent is using a different Libgcrypt. I guess we should also add an Assuan getinfo option to show the

Re: Parallel decrypts fail in 2.1.19

2017-03-23 Thread Werner Koch
On Thu, 23 Mar 2017 02:32, micha...@syapse.com said: > 2017-03-22 21:25:14 gpg-agent[3624] DBG: rsa_decrypt res: [out of core] > 2017-03-22 21:25:14 gpg-agent[3624] O j: ... this is a bug > (sexp.c:1433:do_vsexp_sscan) The bug diagnostic is a side-effect of the out of core error. I'll

Re: Compiling GPG on Solaris 10

2017-03-23 Thread Werner Koch
On Wed, 22 Mar 2017 14:32, terry.stew...@mrc-bsu.cam.ac.uk said: Hi, The quoted part of the log is unfortunately not what I am looking for. Please check the log for lines similar to this: configure: checking for libraries checking for gpg-error-config... /usr/local/bin/gpg-error-config

Re: Enquiry about the GnuPGP

2017-03-23 Thread Werner Koch
Hi, On Wed, 22 Mar 2017 12:41, shrivastavasubha...@gmail.com said: > What is the full form of GnuPG GnuPG stands for GNU Privacy Guard Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: Compiling GPG on Solaris 10

2017-03-22 Thread Werner Koch
On Wed, 22 Mar 2017 00:10, terry.stew...@mrc-bsu.cam.ac.uk said: > *** You need libgcrypt to build this program. > ** This library is for example available at > *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ > *** (at least version 1.5.0 using API 1 is required.) Did you install the development

Re: Security doubts on 3DES default

2017-03-16 Thread Werner Koch
On Thu, 16 Mar 2017 15:55, pe...@digitalbrains.com said: > Perhaps we should either retire ciphers with a 64-bit block length or > make OpenPGP mandatorily rekey after a few gigabytes of data, so it's no > longer up to the user to be prudent with large amounts of data. Those who have large

Re: ADMIN: Some mail addresses are now rewritten

2017-03-16 Thread Werner Koch
I hit group reply in Thunderbird and at the top of this > message is: > > On 03/11/2017 09:27 AM, Werner Koch wrote: Right, because my From header has not been rewritten (no reject DMARC policy at gnupg.org). But if you look above you can notice that Gnus took the ML address - should be

Re: HTTPS keyservers (with SSL-keys recording)

2017-03-15 Thread Werner Koch
On Wed, 15 Mar 2017 10:14, miro.ro...@croatiafidelis.hr said: > keyserver hkps.pool.sks-keyservers.net:443 I guess we should better default to hkps:// if a scheme is not given. I have not checked whether this is already the case. > I record SSL-keys all the time, and I believe every

Re: GnuPG 2.1.19 crashing when listing keys, if tofu-default-policy is "ask"

2017-03-15 Thread Werner Koch
On Wed, 15 Mar 2017 12:11, jus...@g10code.com said: > https://bugs.gnupg.org/gnupg/issue2959 This bug was reported by dkg a month ago but we unfortunately missed to fix it for 2.1.19. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: Security doubts on 3DES default

2017-03-15 Thread Werner Koch
On Tue, 14 Mar 2017 21:54, r...@sixdemonbag.org said: > So long as you understand GnuPG will not make any changes that break RFC > conformance... and dropping SHA1/3DES breaks RFC conformance. Well, it is possible to use --weak-digest SHA1 --disable-cipher-algo 3DES with gpg. Shalom-Salam,

Re: Interleaving issue

2017-03-13 Thread Werner Koch
On Sun, 12 Mar 2017 17:36, r...@sixdemonbag.org said: > sig!31DCBDC01B44427C7 2015-07-16 Robert J. Hansen 14 good signatures This is a diagnostic which goes to stderr. The former is fully buffered, the latter is line

ADMIN: Some mail addresses are now rewritten (was: Test mail from Outlook)

2017-03-11 Thread Werner Koch
Hi! You may have noted that the From address has been rewritten to show the list address instead of your address. In addition a reply-to header has been set so that your address is also known. The reason for this is that some mail sites now have a DMARC reject policy which leads to a bounce

Re: Error searching key from keyserver in gpg 2.1.19

2017-03-11 Thread Werner Koch
On Fri, 10 Mar 2017 10:26, alexander.stro...@giepa.de said: > What's the problem here? Please add verbose debug network,dns,ipc And a log file option to dirmngr.conf and check the log. Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by a federal law.

Re: Is the header file gpgme.h complete?

2017-03-11 Thread Werner Koch
Hi! On Fri, 10 Mar 2017 23:34, marcel.wag...@gmx.de said: > lib and find this struct in a context.h header file, but this is not > included in gpgme.h? My question is now, is the gpgme.h file complete? Yes it is complete. Anonymous structures are the standard way in C to hide implementation

Re: Problems with GPGME returning "Not Implemented" or "Configuration error"

2017-03-10 Thread Werner Koch
On Wed, 8 Mar 2017 00:57, jeste...@microsoft.com said: > I spotted the fact that I was (incorrectly) using > gpgme_op_decrypt_verify() when I think I should be using > gpgme_op_decrypt(), so I fixed that but I still get “Not Implemented”. The reason why it shows "Not implemented" is that you

Re: Expanding web-of-trust with subkey

2017-03-08 Thread Werner Koch
On Thu, 16 Feb 2017 15:31, tliko...@iki.fi said: >> please be aware that if you switch from "trust-model direct" to >> "trust-model tofu+pgp", then your previous assignments of "trust" will >> transform into indications of "ownertrust". > > That has been my assumption. Thanks for verifying. I'll

Re: From Masterkey to subkey

2017-03-07 Thread Werner Koch
On Tue, 7 Mar 2017 21:03, tliko...@iki.fi said: > Interesting. It seems that the feature is not documented. I tested > version 2.1.18 in Debian testing and neither the man page nor > --edit-key's "help" command tells anything about the feature. One of the hidden commands to be revealed in case

Re: From Masterkey to subkey

2017-03-07 Thread Werner Koch
On Tue, 7 Mar 2017 09:40, billdanger...@gmail.com said: > I would like first to be sure that this process of migrating a master key > to subkey is reliable ? Am I not breaking something, that I am going to > regret ? Please see the other comments. > Is there a way (even if hacking gpg code is

Re: powertop(8) Points at gpg-agent.

2017-03-06 Thread Werner Koch
On Tue, 21 Feb 2017 10:56, ra...@inputplus.co.uk said: > I wonder if aiming for dead on the second is a good idea. If everything > did that then there might silence until the next second boundary, but > many cores would wake up to work for a short time. I had the same concern but the folks who

Re: How U2F works

2017-03-06 Thread Werner Koch
On Tue, 28 Feb 2017 01:28, gl...@rempe.us said: > What though is the benefit of using gnupg key as the crypto behind the > client auth? Seems like you are more exposed by having a portable gpg It is up to the user where to store the key. For obvious reasons the user should use a token (e.g.

Re: Problems with GPGME returning "Not Implemented" or "Configuration error"

2017-03-06 Thread Werner Koch
On Mon, 27 Feb 2017 15:20, jeste...@microsoft.com said: > I'm working on re-implementing GMime to use libgpgme (1.8.0 on Fedora > 25) instead of using my own custom logic for fork()ing/exec()ing gpg & Great, we like the use of the GPGME API. I guess GMime is not used by Evolution ;-) Which

Re: [Announce] GnuPG 2.1.19 released

2017-03-04 Thread Werner Koch
On Fri, 3 Mar 2017 18:28, thomas.jaro...@intra2net.com said: > The support for multiple card readers sounds very promising. Indeed, I do not anymore need to open the door to the server room to change the card several times during release preparing (the commit key and the releasing signing key

Re: Problems with GPGME returning "Not Implemented" or "Configuration error"

2017-03-04 Thread Werner Koch
Hi Jeff, On Fri, 3 Mar 2017 19:04, jeste...@microsoft.com said: > Anyone have any thoughts on this? Someone of us will get back to you on Monday. We have been pretty busy with the 2.1.19 release the last week. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: export-minimal doesn't affect export-secret-key?

2017-03-04 Thread Werner Koch
On Sat, 25 Feb 2017 16:26, pe...@digitalbrains.com said: > I'd like to add to the bug report that I also observe this behaviour > with GnuPG 1.4.18 on Debian jessie/stable (package 1.4.18-7+deb8u3) and > GnuPG 2.0.26 on the same (package 2.0.26-6+deb8u1). So it is not just 2.1. FWIW, it has been

Re: [Announce] GnuPG 2.1.19 released

2017-03-03 Thread Werner Koch
On Wed, 1 Mar 2017 21:03, ankos...@gmail.com said: > Would it be possible with the next release to build also the python-2 > & 3 bindings for Windows? Good suggestion - we will look into it. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: Stripping expired subkey during export?

2017-03-03 Thread Werner Koch
On Fri, 3 Mar 2017 07:21, gnupg-us...@spodhuis.org said: > Why is `export-clean` not dropping the expired subkey? Is it that > export-clean only filters unusable userids, not unusable subkeys? Right: /* Always do the cleaning on the public key part if requested. * Note that both

[Announce] GnuPG 2.1.19 released

2017-03-01 Thread Werner Koch
urrent releases are signed by one or more of these four keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB

Re: powertop(8) Points at gpg-agent.

2017-02-20 Thread Werner Koch
On Fri, 17 Feb 2017 14:59, ra...@inputplus.co.uk said: > gnupg 2.1.18-1 on Arch Linux. I noticed powertop ranking the > gpg-agents, one per user, quite highly, and their impact is multiplied > by their number. strace(1) showed the two-second select(2) timing out > with no syscalls in between,
