Re: setting GnuPG card to 'not forces' does not let sign

2017-06-16 Thread Matthias Apitz
On Monday, June 12, 2017 at 12:58:23 p.m. +0200, Werner Koch wrote: > On Mon, 12 Jun 2017 12:38, g...@unixarea.de said: > > > Do you know of any other CCID reader for ID-000 size cards? > > I have a sample of the Gemalto Shell Token here. It has been around for > quite some time and

Re: modern GnuPG verify signatures

2017-06-16 Thread Stefan Claas
On Thu, 15 Jun 2017 22:47:00 +0200 Stefan Claas wrote: > Well, then let's wait and see what other people say, who know the code. > Maybe members can confirm the same behaviour under Windows and Linux. O.k., I checked the Windows version of modern GnuPG and there it is

Re: How to join pubring.kbx and pubring.gpg?

2017-06-16 Thread Juan Miguel Navarro Martínez
On 2017-06-16 at 10:27, Binarus wrote: > Here is where my worry begins. AFAIK, all PGP variants are using RSA key > pairs. A public X.509 certificate is just a container for such keys (and > possibly has information about the certificate chain). Given that, in my > naive world, it should be no

Re: How to join pubring.kbx and pubring.gpg?

2017-06-16 Thread Binarus
On 16.06.2017 11:32, Damien Goutte-Gattat wrote: > Well, there is the Monkeysphere's pem2openpgp tool [1], but AFAIK it > only works with *private* keys, not public keys. Most articles / tutorials I came across during my research were dealing with private keys ... that should have made me

Re: How to join pubring.kbx and pubring.gpg?

2017-06-16 Thread Damien Goutte-Gattat
Hi, On 06/16/2017 10:27 AM, Binarus wrote: Unfortunately, I didn't find any hint on how to extract that key. It is in the certificate for sure, and I think I will eventually be able to dump it after playing some time with OpenSSL, but then I eventually won't know how to integrate it into

Re: How to join pubring.kbx and pubring.gpg?

2017-06-16 Thread Peter Lebbing
On 16/06/17 10:27, Binarus wrote: > [...] or if the whole software / data exchange protocol depends on > the sort of key. In other words, even if I would manage to extract > the key and to integrate it into the Enigmail / gpg4win world, would > the communication partner be able to decrypt the

Re: Key expiration question

2017-06-16 Thread Peter Lebbing
On 16/06/17 08:17, listo factor via Gnupg-users wrote: >> An expired key will definitely not be able to issue valid >> signatures after the expiration date. > > There is nothing ~in the key itself~ that prevents any key from > being used to create signatures There is nothing ~in the key itself~

Re: How to join pubring.kbx and pubring.gpg?

2017-06-16 Thread Binarus
At first, I'd like to thank you for the great explanations. On 14.06.2017 19:21, Juan Miguel Navarro Martínez wrote: > As far as I know, GPGSM is a GPG tool to use X.509 certificates. That's > not the OpenPGP protocol. With this said... Here is where my worry begins. AFAIK, all PGP variants are

Revoking a certificate (--edit-key + revsig)

2017-06-16 Thread Teemu Likonen
My question is simple (kind of): In what situations would you revoke a certificate that you have made on someone else's key? (Technically: --edit-key + revsig.) Background concepts: When we sign a key (--edit-key + sign) we certify a particular user id, the link between the user id and person (or

Re: Key expiration question

2017-06-16 Thread listo factor via Gnupg-users
On 06/13/2017 01:02 PM, Peter Lebbing wrote: An expired key will definitely not be able to issue valid signatures after the expiration date. There is nothing ~in the key itself~ that prevents any key from being used to create signatures, it is only a feature of the software used to create