Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 16:30, thomas.jaro...@intra2net.com said: > what do you think about Peter's idea: > > $ gpg --with-keygrip --card-status If you use that with --with-colons you can also script this. But that is about gpg and not about gpgsm. gpgsm has no external card interface because the

Re: entropy gathering daemon

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 15:53, ed...@pettijohn-web.com said: > for chroot'd programs that need it on a filesystem mounted nodev. I > sent some patches awhile back to add arc4random_buf as the entropy > gathering 'device'. Which I've been using with no problems since. And In case you have a problem

Re: Fwd: gnupg SmartCard V3.3

2018-02-28 Thread Werner Koch
On Tue, 27 Feb 2018 01:04, k...@glsys.de said: > gpg2 --version is 2.1.11 That is a pretty old and somewhat buggy version which will likely have problems with newer smartcards. > Tried gpg (GnuPG/MacGPG2) 2.2.3 > on a completely different machine (mac) That version is recent enough and as long

Re: Configuration for offline usage - best practice tips?

2018-02-28 Thread Werner Koch
On Fri, 23 Feb 2018 23:08, jc.gnupg...@unser.net said: > Yes, that's what I plan to do, generate a subkey for each month in advance > and use this to encrypt my backups. That raises the question for us whether it will make sense to change --quick-add-key fpr [algo [usage [expire]]] to add

Re: Issuing non self-signed certificate without having the private key in gpgsm keyring

2018-02-28 Thread Werner Koch
On Fri, 23 Feb 2018 19:21, j...@netbsd.org said: > ATM (with gpgsm (GnuPG) 2.2.4) , due to [1], gpgsm cannot sign > certificate for which a public key has been imported but without an > associated private key to it (disregarding the self-signing What you need here is to create a CSR (Certificate

Re: Not enough information to check signature validity

2018-02-28 Thread Werner Koch
On Wed, 7 Feb 2018 23:59, marshallabr...@alumni.cmu.edu said: > A friend had to re-install gpg4win as a result of a hard disk > failure. Since then, all encrypted files received from her come with a > warning "Not enough information to check signature validity." What can You don't have her

Re: entropy gathering daemon

2018-02-28 Thread Werner Koch
On Sun, 4 Feb 2018 08:44, ed...@pettijohn-web.com said: > Is it no longer possible to use egd? Most of the info I can find seems If Libgcrypt has been configured with EGD support this should still work. I have not tested it for more than a decade, though. Why do you want to use it? Which OS

Re: initramfs - gpg decryption failed invalid IPC response

2018-02-28 Thread Werner Koch
On Wed, 31 Jan 2018 22:25, m...@davidlasek.eu said: >     gpg (GnuPG) 2.2.4 >     libgcrypt 1.8.2 > And prints: > >gpg: encrypted with RSA key, ID . created > > >gpg: public key decryption failed: Invalid IPC response > >gpg: decryption failed: No secret key Can you please add

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-28 Thread Werner Koch
On Wed, 21 Feb 2018 07:27, b...@adversary.org said: >> No, there is no way to configure an extra hack to also test a passphrase >> for an ssh key. > > Wanna bet? Oh no, I don't want to promote creative solutions of our complex API ;-) Shalom-Salam, Werner -- # Please read: Daniel

Re: gpgsm --gen-key with key on smartcard

2018-02-28 Thread Werner Koch
On Wed, 28 Feb 2018 10:56, thomas.jaro...@intra2net.com said: > When using a smartcard, what about showing the openpgp key IDs > in the "Available keys" menu? gpgsm does and shall not know anything about OpenPGP. Thus it can't display OpenPGP information. In theory we could display the

Re: generate key using specific cipher

2018-02-26 Thread Werner Koch
On Mon, 26 Feb 2018 05:40, e...@norma.perm.ru said: > I'm trying to learn how to use gpg/libgcrypt with GOST cryptography > (actually I'm moving from openssl, where GOST is deprecated due to > poor code quality to the gpg/libgcrypt software, where GOST is present > since 1.7.0), and since the

[Announce] GnuPG 2.2.5 released

2018-02-22 Thread Werner Koch
ll tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch

Re: enigmail with pgp 2.2.4

2018-02-22 Thread Werner Koch
Hi! On Thu, 22 Feb 2018 11:04, bere...@hotmail.com said: > gpg: skipped packet of type 12 in keybox Are you sure this is gpg 2.2.4? The error looks more like this is a gpg version < 2.1.20. Type 12 are ring trust packets which are used internally by gpg. The code which shows this error is

Re: Why Operating Systems don't always upgrade GnuPG

2018-02-21 Thread Werner Koch
On Tue, 20 Feb 2018 20:36, n...@walfield.org said: > "uncool". I left because we (Werner and I) could not work well > together. This is the same reason that Justus, Kai and Marcus left. Okay, you raised it and now my Lavamat wants to reply on this: Secret negotiations with other companies,

Re: Why Operating Systems don't always upgrade GnuPG

2018-02-20 Thread Werner Koch
On Mon, 19 Feb 2018 19:45, d...@fifthhorseman.net said: > GnuPG is under active development, and it has never had a fully-featured > stable API (Application Programming Interface). What i mean is, there > are some capabilities that are only available from the user interface > (UI), and are not

Re: How can we utilize latest GPG from RPM repository?

2018-02-19 Thread Werner Koch
On Fri, 16 Feb 2018 14:38, konstan...@linuxfoundation.org said: > (if someone can recommend a better way that only statically links > gnupg's own libraries like libassuan and libgpg-error, but uses shared > objects for other system libraries, please let me know, as I didn't find > any quickie

Re: Configuration for offline usage - best practice tips?

2018-02-16 Thread Werner Koch
On Thu, 15 Feb 2018 21:33, jc.gnupg...@unser.net said: > implementations and standards or strong encryption in general, I expect > that a configuration for offline usage might be different from one for > general purpose encrypted communication. If you never want to use any online resource, you

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-13 Thread Werner Koch
On Tue, 13 Feb 2018 15:03, ambre...@gmail.com said: > Thanks for the detailed answer. But why not doing it for SSH then? I like to see when an ssh key is used the first time. Note that the maximum caching time for ssh keys can be configured independent from the caching time of other keys. >

Re: Use the same passphrase for PGP and SSH keys and get prompted only once by gpg-agent

2018-02-13 Thread Werner Koch
On Fri, 9 Feb 2018 14:25, ambre...@gmail.com said: > this time the SSH key is obviously encrypted with the same passphrase as > my GPG key, since it's part of it. Any clue why gpg-agent keeps asking? gpg (or correct gpg-agent) can't know which passphrase is used for each key or subkey.

Re: draft-ietf-openpgp-rfc4880bis-04

2018-02-13 Thread Werner Koch
On Fri, 9 Feb 2018 03:18, gnupg-users@gnupg.org said: > ...and that's the end of hashed subpackets. That should be all that is hashed > for the signature, yet there is the remaining octets in m: > > 04ff000c See 5.2.4, Computing Signatures: | V4 signatures also hash in a final trailer of

Re: draft-ietf-openpgp-rfc4880bis-04

2018-02-06 Thread Werner Koch
On Sat, 3 Feb 2018 06:25, gnupg-users@gnupg.org said: > I don't know if this is an error in the documentation, but I cannot obtain > the sha256 result here: Using the gpg option --debug hashing will create files with the hashed material. This is often very helpful. Shalom-Salam,

Re: gpg: do_plaintext(): wrote 1210414045 bytes but expected 822504068 bytes

2018-02-06 Thread Werner Koch
On Mon, 5 Feb 2018 16:41, jlight...@dsservices.com said: > Basic questions: > 1) Is the above message in fact an "error"? Yes. It may either indicate an internal error in gpg or a wrong usage (see next). > 2) What exactly does it mean? When starting the encryption and if possible gpg records

Re: [patches] add support for arc4random_buf()

2018-02-06 Thread Werner Koch
On Tue, 6 Feb 2018 06:25, ed...@pettijohn-web.com said: > Please see attached patches to add support for arc4random_buf() as an > alternate to /dev/{u}random. I tried to be as unobtrusive as possible > and maintain style. It should also allow the user to still define > RANDOM_CONF_ONLY_URANDOM if

Re: pinentry fails with gpg-agent for ssh, but works for gpg

2018-01-25 Thread Werner Koch
On Thu, 25 Jan 2018 09:39, g...@unixarea.de said: > $ ssh some-host > > fails to ask for the PIN. That is because ssh has no mechanism to tell the ssh-agent (in this case gpg-agent) the DISPLAY or tty to use for pinentry. Thus the pinentry pops up on the tty or X server gpg-agent was initially

Re: Subpacket 33 and GnuPG Specifics on RFC-4880 Tag ID's, algorithm identifiers, etc

2018-01-25 Thread Werner Koch
On Thu, 25 Jan 2018 05:43, gnupg-users@gnupg.org said: > After looking at the content of subpacket 33, it appears to be the > signing-key's fingerprint prepended by '0x04'. > > So I'm guessing subpacket 33 is to be a more robust version of subpacket 16 > (Issuer)? Right. From RFC-4880bis
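The two points made above, the six-octet v4 trailer (04 ff plus the big-endian length of the hashed portion) and subpacket 33 carrying a version octet followed by the issuer's fingerprint, are easiest to see with a small parser. The following is an added example, not code from GnuPG or from the thread; the signature packet bytes it works on are constructed by hand (the fingerprint and timestamp are made up) so that it runs offline. Field layouts follow RFC 4880 sections 5.2.3 and 5.2.4 and the rfc4880bis definition of subpacket 33.

```python
"""Parse the hashed area of an OpenPGP v4 signature packet body, pull out
subpacket 33 (issuer fingerprint) and compute the six-octet v4 trailer."""
import hashlib
import struct

SUBPKT_SIG_CREATION = 2
SUBPKT_ISSUER = 16               # 8-octet key ID
SUBPKT_ISSUER_FINGERPRINT = 33   # version octet + fingerprint (rfc4880bis)


def read_subpacket_length(buf, pos):
    """Decode the 1-, 2- or 5-octet subpacket length (RFC 4880 5.2.3.1).
    Returns (length, position of the subpacket type octet)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def parse_subpackets(area):
    """Return [(type, critical_flag, data)] for every subpacket in `area`.
    The length covers the type octet plus the data, so data is length-1."""
    out, pos = [], 0
    while pos < len(area):
        length, pos = read_subpacket_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("truncated subpacket")
        tag = area[pos]
        out.append((tag & 0x7F, bool(tag & 0x80), area[pos + 1:pos + length]))
        pos += length
    return out


def split_v4_signature(body):
    """Return (hashed_portion, hashed_subpackets, unhashed_area, rest).
    hashed_portion is exactly the prefix of the packet body that is hashed:
    version, sig type, pk algo, hash algo, 2-octet count, hashed subpackets."""
    if body[0] != 4:
        raise ValueError("not a v4 signature")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed_end = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[hashed_end:hashed_end + 2])[0]
    unhashed_end = hashed_end + 2 + unhashed_len
    return (body[:hashed_end],
            parse_subpackets(body[6:hashed_end]),
            body[hashed_end + 2:unhashed_end],
            body[unhashed_end:])


def v4_trailer(hashed_portion):
    """Six octets: 0x04, 0xFF, then the big-endian length of the hashed
    portion. The trailer itself is not counted in that length."""
    return b"\x04\xff" + struct.pack(">I", len(hashed_portion))


def issuer_fingerprint(subpackets):
    """Hex fingerprint from subpacket 33, or None if absent. The leading
    octet is the key version; it is checked rather than silently dropped."""
    for typ, _critical, data in subpackets:
        if typ == SUBPKT_ISSUER_FINGERPRINT:
            if len(data) != 21 or data[0] != 4:
                raise ValueError("unexpected issuer-fingerprint layout")
            return data[1:].hex().upper()
    return None


def signature_digest(data, body, algo="sha256"):
    """What a verifier hashes for a binary-document signature:
    data || hashed portion || trailer."""
    hashed_portion, _, _, _ = split_v4_signature(body)
    h = hashlib.new(algo)
    h.update(data)
    h.update(hashed_portion)
    h.update(v4_trailer(hashed_portion))
    return h.digest()


# Constructed sample (not a real signature): v4, binary document (0x00),
# RSA (1), SHA-256 (8); hashed subpackets = creation time and issuer fpr.
SAMPLE_FPR = bytes(range(0x10, 0x24))                      # 20 made-up octets
_CREATION = bytes([5, SUBPKT_SIG_CREATION]) + struct.pack(">I", 1519830000)
_ISSUER = bytes([22, SUBPKT_ISSUER_FINGERPRINT, 4]) + SAMPLE_FPR
_HASHED = _CREATION + _ISSUER
EXAMPLE_BODY = (bytes([4, 0x00, 1, 8]) + struct.pack(">H", len(_HASHED)) + _HASHED
                + struct.pack(">H", 0)      # empty unhashed area
                + b"\x12\x34"               # left 16 bits of the digest (dummy)
                + b"\x00\x08\xab")          # toy 8-bit MPI, not a real signature

if __name__ == "__main__":
    hp, subs, _, _ = split_v4_signature(EXAMPLE_BODY)
    print("hashed portion length", len(hp), "trailer", v4_trailer(hp).hex())
    print("issuer fingerprint", issuer_fingerprint(subs))
```

With twelve hashed octets the trailer comes out as 04ff0000000c, which is the value the thread is looking at; for the constructed packet above it is 04ff00000023. Any tampering with the hashed area (including subpacket 33) changes the digest, which is why the issuer fingerprint is placed in the hashed rather than the unhashed area.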

Re: Keys clean of all signatures except those made by others I trust

2018-01-25 Thread Werner Koch
On Tue, 23 Jan 2018 08:41, gnupg-users@gnupg.org said: > I would like to clean the key of the spam signatures while preserving > any signatures made by Alice (or anyone else I have trusted on my > keyring). Does there exist a command/option to accomplish this in > gpg2? I do blacklisting of

Re: Why exactly does pinentry fails with gpg-agent and ssh support?

2018-01-21 Thread Werner Koch
On Sun, 21 Jan 2018 17:41, doron.be...@gmail.com said: > As far as I understand, because I use `systemd`'s user service, whenever > I want to unlock an authentication key I need to run the command > `gpg-connect-agent updatestartuptty /bye`. Although I have no experience with the peculiarities

Re: failed to convert unprotected openpgp key: Checksum error

2018-01-21 Thread Werner Koch
On Mon, 22 Jan 2018 03:40, skiss...@medallia.com said: > showing that problem (whatever it is) isn't the User ID. (My reading of > RFC4880 > section 5.11 is that having an email in the User ID is just a convention not > mandatory, so software should be robust in the face of User IDs breaking

Re: gnupg-2.2.4: how to deal with failed tests

2018-01-18 Thread Werner Koch
On Thu, 18 Jan 2018 15:41, nbsd4e...@gmail.com said: > --enable-selinux-support --with-libgpg-error-prefix=/usr/local \ ^^ Ah! There is a second case where you see the reported error message: #ifdef ENABLE_SELINUX_HACKS if (1) { /* We don't allow

Re: gnupg-2.2.4: how to deal with failed tests

2018-01-17 Thread Werner Koch
On Wed, 17 Jan 2018 15:18, nbsd4e...@gmail.com said: > "gpg: importing secret keys not allowed" Which means you are trying to import from a keyserver, WKD, DANE etc. That is very strange. How did you build gnupg, did you check the signature of the source, is there anything special in your

Re: gnupg-2.2.4: how to deal with failed tests

2018-01-17 Thread Werner Koch
On Wed, 17 Jan 2018 07:50, nbsd4e...@gmail.com said: > tests/openpgp/armor.scm There will be a file tests/openpgp/armor.scm.log which should give you some more insight. You can also run single tests or all in a more verbose mode. See the README file in the tests directory. > Grateful for

Re: Will gpg 1.x remain supported for the foreseeable future?

2018-01-17 Thread Werner Koch
On Wed, 17 Jan 2018 01:26, d...@kegel.com said: > I'm starting to suspect that using version 2.x of gnupg is simply not > a good idea when writing shell scripts that have to run unattended > and not touch system keychains or agents. Actually 2.2 is much easier to script than 2.1. Watch out for

Re: Will gpg 1.x remain supported for the foreseeable future?

2018-01-17 Thread Werner Koch
On Wed, 17 Jan 2018 03:52, r...@sixdemonbag.org said: > The game plan has always been to retire 1.4 as soon as practical. Do > not rely on it existing in the future. Kind of: 1.4 will be kept alive for use with PGP 2 encrypted and signed data and maybe for old platforms. However, modern

Re: key distribution/verification/update mechanisms other than keyservers

2018-01-17 Thread Werner Koch
On Tue, 16 Jan 2018 22:56, kristian.fiskerstr...@sumptuouscapital.com said: >> (c) rejected all third-party certifications -- so data attached to a >> given primary key is only accepted when certified by that primary >> key. >> > > thanks for this post Daniel, my primary question

Re: Remove public key from keyserver

2018-01-17 Thread Werner Koch
On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said: > users who uploaded their public keys on key servers would not > reveal that they know each other as shown with their signatures, > which the classical WoT somehow requires, instead of using local sigs. I do not know most of the people

Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said: > the public key. He / she is not forced to provide any identity via other > web sites etc. Doing this is a method they have implemented as sort I know, but keybase.io's goal is (or was, back when I tested it) to use those connections to

Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said: > and add some funny things to "your" public key. This would be > also interesting to see how many signatures a public key can bear. You may look at my key to see funny things and thousands of key signatures from made up users. They print

Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said: > O.k. Werner invented WKD which solves those problems, if i'm not > mistaken, but is it besides keybase.io widely deployed? Nope. The Web Key Directory solves exactly one problem: How to initially map a mail address to a key. This

Re: Extract signature key ID with gpgme

2018-01-11 Thread Werner Koch
On Thu, 11 Jan 2018 07:19, al...@archlinux.org said: > I am looking for a way to extract the issuer key ID from a signature > file using gpgme without firstly having verified the signature. There is no API for this and I am not sure how to do this best. The straightforward method would be to

Re: is there a preferred order to building dependencies for gnupg2

2018-01-11 Thread Werner Koch
On Wed, 10 Jan 2018 12:39, dgouttegat...@incenp.org said: > Libgpg-error should be built first as it is required by all other > libraries except npth. Right. I have a standard build order, though. This is codified in the speedo build script make -f $GNUPGSRC/build-aux/speedo.mk Would it

Re: How to batch generate ECC key

2017-12-29 Thread Werner Koch
On Fri, 29 Dec 2017 16:53, gnupg-kont...@rezart.qelibari.de said: > Thank you so much! This did the trick! I am very impressed. I just added a mapping from the displayed names to the canonical names. Thus with the next release (2.2.5) "ed25519" and "cv25519" should work. Salam-Shalom,

Re: Updating recurring donation payment information

2017-12-29 Thread Werner Koch
On Wed, 27 Dec 2017 21:01, bra...@majic.rs said: > Is there a way to update recurring donation information? In particular > the payment card info :) The easiest way is to write to donati...@gnupg.org (that's currently me). I will then cancel your subscription and you may create a new one.

Re: gpg2 export secret key without passphrase

2017-12-29 Thread Werner Koch
On Wed, 27 Dec 2017 18:13, calebc...@gmail.com said: > How does one export a gpg2 private key without a passphrase? See MFPA's recipe for a workaround. We have an open bug for this: https://dev.gnupg.org/T1753 Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

[Announce] GnuPG 2.2.4 released

2017-12-20 Thread Werner Koch
erprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 0437 6F3E E085 6959 David Shaw (GnuPG Release Signing Key) rsa2048 2014-10-29 [expires: 2020-10-30] Key fingerprint

Re: Expired cert with HSTS for this list

2017-12-19 Thread Werner Koch
On Tue, 19 Dec 2017 09:13, kwadron...@aktivix.org said: > around. Might be time to let LetsEncrypt refresh the certs automagically > every once in a while. Yeah. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpIj_hOCC2O6.pgp Description: PGP

Re: Upgraded gpg from 1.4.18 to 2.1.18: --default-recipient-self no longer works

2017-12-13 Thread Werner Koch
On Wed, 13 Dec 2017 09:36, w...@gnupg.org said: >> (1) The documentation for --default-key says: >> >> Use name as the default key to sign with. >> >> But the documentation for --default-recipient-self >> implies that it is also for encryption, not just signing. > > Both commands are basically

Re: Upgraded gpg from 1.4.18 to 2.1.18: --default-recipient-self no longer works

2017-12-13 Thread Werner Koch
On Wed, 13 Dec 2017 02:17, gn...@raf.org said: > The gpg command is something like: > > cmd... | gpg --default-recipient-self --encrypt --output filename.gpg For all unattended use you need to add --batch (in all versions of gpg since the very beginning). > gpg: cannot open '/dev/tty': No

[Announce] GPGME 1.10.0 released

2017-12-12 Thread Werner Koch
espective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB

Re: Compiling libgcrypt with ECC

2017-12-11 Thread Werner Koch
On Tue, 12 Dec 2017 02:47, nulik...@gmail.com said: > I want to compile a lightweight version of libgcrypt with Public Key > encryption using Elliptic curve cipher, but what do I feed on the > ./configure command line for " --enable-ciphers" parameter? Is there a list Nothing. ECC support is

Re: onepass_sig without corresponding signature packet

2017-12-11 Thread Werner Koch
On Mon, 11 Dec 2017 02:13, marcin.krzyzanow...@gmail.com said: > my question is… where is this signature from? why this is a valid message? --list-packets sometimes swallows the last packet and thus you don't see it. Long standing bug. Shalom-Salam, Werner -- Die Gedanken sind frei.

Re: pgpdump alternative for gpg2

2017-12-10 Thread Werner Koch
On Fri, 8 Dec 2017 16:28, gcry...@gmail.com said: > I want to see gpg2 key parameters packets. pgpdump v0.32 doesn't support > gpg2 (especially elliptic curve cryptography packets) and "gpg2 > --list-packets" doesn't show key parameters. is there any way to see key > parameters (d, q and curve)

Re: Elliptic curve point multiplication with libgcrypt

2017-12-07 Thread Werner Koch
On Thu, 7 Dec 2017 09:53, gcry...@gmail.com said: > my question is how do you implement Q=dG in C with libgcrypt? any idea > about my mistakes and how should I fix them? You may want to look at libgcrypt/tests/t-mpi-point.c which does many operations on points. Salam-Shalom, Werner --

Re: Performance regression, 2.2.3/recent?

2017-12-03 Thread Werner Koch
On Mon, 4 Dec 2017 01:31, gnupg-us...@spodhuis.org said: > 2.2.3. The major change I see are the fixes for bug 3446 which involves a new locking strategy during import. However, that should not affect a key listing. > At this point, I really have no idea what is a good path to investigate >

Re: Performance regression, 2.2.3/recent?

2017-12-03 Thread Werner Koch
On Sun, 3 Dec 2017 02:20, gnupg-us...@spodhuis.org said: > Anyone else seeing major slowdowns with keyring dumping in recent GnuPG > on Linux? By recent do you mean 2.2.3 or a Git version (2.2 branch or master)? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: Extending validity of main- and subkeys in one step possible?

2017-11-30 Thread Werner Koch
On Thu, 30 Nov 2017 11:19, gnupgpac...@on.yourweb.de said: > Sorry, it doesn't work for GPG v1.4.22... That is quite possible. Won't be changed. Please use 2.2. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpfvBsYwoUga.pgp Description: PGP

Re: Extending validity of main- and subkeys in one step possible?

2017-11-29 Thread Werner Koch
On Tue, 28 Nov 2017 11:27, gnupgpac...@on.yourweb.de said: > is there any possibility to extend key's validity of *all* keys in a keyset > in *one* step? key * selects all keys. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpYYus0vMvHA.pgp

Re: gpg in windows hanging rarely

2017-11-26 Thread Werner Koch
On Sun, 26 Nov 2017 09:05, gnupg-users@gnupg.org said: > https://dev.gnupg.org/T3378 might be it. Let me know if I can be of any > assistance. Right. It is hard to replicate and, worse, we can't replicate it with any debug logging enabled. Salam-Shalom, Werner -- Die Gedanken sind frei.

Re: Getting more verbose details of a key

2017-11-26 Thread Werner Koch
On Sat, 25 Nov 2017 11:54, 2017-r3sgs86x8e-lists-gro...@riseup.net said: > How about gpg --list-keys --file filename? Well, a single command would be better. I am currently thinking about --show detect type of input and use appropriate listing --show-key assume a key and list that

Re: Ask gpg-agent/scdaemon to release a smartcard?

2017-11-25 Thread Werner Koch
On Fri, 24 Nov 2017 10:30, nicolas.boul...@ecp.fr said: > Is there a way I can ask gpg-agent/scdaemon to release this smartcard, gpg-connect-agent 'scd killscd' /bye Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpcMpAbDceKb.pgp Description: PGP

Re: Encrypt to a key without importing it to keyring

2017-11-24 Thread Werner Koch
On Wed, 22 Nov 2017 11:16, seby2k...@gmail.com said: > Is there any possibility i could encrypt some text to a public key but > without importing it to my keyring? Passing it to gnupg via command line or gpg -e -f FILE_WITH_KEY or -F for hidden recipient. --recipient-file file -f

Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Werner Koch
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said: > sudo apt-get install -y libgmp-dev > sudo apt-get install -y nettle-dev > sudo apt-get install -y libgnutls28-dev These are also not needed because the speedo Makefile will download and use ntbtls instead. Shalom-Salam, Werner -- Die

Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Werner Koch
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said: > sudo apt-get install -y adns-tools You should not need this. > sudo apt-get install -y pcscd scdaemon I guess you install scdaemon to get some infrastructure provided by Ubuntu in their scdaemon package. > Specifically G13 and WKS tools

Re: Getting more verbose details of a key

2017-11-22 Thread Werner Koch
On Tue, 21 Nov 2017 14:01, pe...@digitalbrains.com said: > How about just --show? It was suggested in an unfriendly manner at Similar to Wouter's suggestions --show is not specific enough and does not explain that this is to show the keys and not messages. > a file without processing it make

[Announce] GnuPG 2.2.3 released

2017-11-21 Thread Werner Koch
not been tampered by malicious entities we provide signature files for all tarballs and binary versions. The keys are also signed by the long term keys of their respective owners. Current releases are signed by one or more of these four keys: rsa2048 2011-01-12 [expires: 2019-12-31] Key fingerp

Re: Using the OpenPGP Card on Unix && Win7

2017-11-20 Thread Werner Koch
On Mon, 20 Nov 2017 08:56, g...@unixarea.de said: > I killed a running SmartCard Service on Win7 and tested GnuPG on a > Cygwin command line. It says: Cygwin - I would not suggest to use this. We have no idea on whether the RNG does what we want it to do. The IPC mechanism and

Re: Getting more verbose details of a key

2017-11-20 Thread Werner Koch
On Sun, 19 Nov 2017 15:10, pe...@digitalbrains.com said: > GnuPG by default does not show *expired* subkeys. Use --list-options > show-unusable-subkeys to do that. Let me also add that using gpg without any command (as in "...|gpg") is deprecated because the output you see is more of a debug

Re: your message could not,be delivered to one or more recipients.

2017-11-17 Thread Werner Koch
On Thu, 16 Nov 2017 17:56, w...@uter.be said: > Alternatively, AOL might be trying to send the mail from a different Very likely - greylistd comes with a list of whitelisted AOL server pools. 204.29.186.0/24 is not yet in this list - I added it to the local installations. Salam-Shalom,

Re: Using the OpenPGP Card on Unix && Win7

2017-11-16 Thread Werner Koch
On Thu, 16 Nov 2017 13:56, g...@unixarea.de said: > I copied over GNUPGHOME and gpa and OutLook can see/use the pub key. To > get access to the Card, I need some driver in Win7. Do you know any > reliable place to fetch from. Usually the Windows hardware detection (a menu item like "Install new

Re: Help with error please

2017-11-16 Thread Werner Koch
On Wed, 15 Nov 2017 19:26, jonat...@emitting.com said: > Provided object is too short This a bug in gpgsm on Windows when there are no keys. We are currently testing a new revision of gpg4win which will solve the problem. As a workaround you may start GPA on the command line: gpa

Re: Using the OpenPGP Card on Unix && Win7

2017-11-15 Thread Werner Koch
On Wed, 15 Nov 2017 09:06, g...@unixarea.de said: > Before digging into all the details by my own and esp. because in Windows I'm > only a > DAU(*), is there some step by step guide to configure the OpenPGP Card in > Windows and using the files from the GNUPGHOME on FreeBSD in Windows? Actually

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-09 Thread Werner Koch
On Tue, 7 Nov 2017 14:45, gnupg-users@gnupg.org said: > Could you elaborate on the 'why' part of this enforced pinentry usage > with GnuPG? It wasn't mandatory in 1.x, now it's forced on us. It is definitely not new. GnuPG 1.9 was released 14 years ago (it was renamed to 2.0 11 years ago).

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-09 Thread Werner Koch
On Wed, 8 Nov 2017 12:28, r...@splintermail.com said: > Yes, I reset my gpg-agent (killall -1 gpg-agent) each time, and was > prompted with a pinentry prompt each time. [ Please use "pkill -HUP gpg-agent" and never ever killall - which has, aehm, funny effects on other Unices. ] gpgconf

Re: GnuPG 2.2.2 speedo swdb.lst

2017-11-07 Thread Werner Koch
On Tue, 7 Nov 2017 16:29, mac3...@gmail.com said: > $ cat swdb.lst > gnupg22_ver 2.2.1 > gnupg22_date 2017-09-19 Oh sorry. I only generated the new swdb.lst but forgot the "make upload". Done now. Thanks, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: GnuPGv2 & 'pinentry' on Linux w/ remote access

2017-11-07 Thread Werner Koch
On Mon, 6 Nov 2017 22:49, gnupg-users@gnupg.org said: > It's rather cumbersome and very dodgy at least. How do others deal with > this? Or is everyone using GPG solely in GUI environments nowadays? ;) If I want to test the curses Pinentry I simply run DISPLAY= gpg ... and get the curses

[Announce] GnuPG 2.2.2 released

2017-11-07 Thread Werner Koch
e signed by one or more of these five keys: 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 Werner Koch (dist sig) rsa2048/E0856959 2014-10-29 [expires: 2019-12-31] Key fingerprint = 46CC 7308 65BB 5C78 EBAB ADCF 043

Re: Efficent batch fetching with verification?

2017-11-04 Thread Werner Koch
On Sat, 4 Nov 2017 06:06, robb...@gentoo.org said: > Yes, the older versions do perform much worse, but even with gnupg2.2, > each exec of gpg is still at least 100ms, which adds up over time. I doubt that, let's see: $ time sh -c 'seq 1 1 | xargs -n 1 gpg --version >/dev/null' real

Re: Efficent batch fetching with verification?

2017-11-03 Thread Werner Koch
On Fri, 3 Nov 2017 06:20, robb...@gentoo.org said: > Presently, the code is effectively this: > ...cat-list-of-fingerprints... | xargs gpg --recv > > This has the downside of causing many execs. Right after a clean startup of your user session you will see these execs: 1. xargs execs gpg

Re: Verify that the file is from who I expect it to be from

2017-10-27 Thread Werner Koch
On Fri, 27 Oct 2017 05:55, dan.ho...@redbone.co.nz said: > Thanks - I get the line saying "good signature" i n my message, but are you > saying that I have to grep the output for the message and the email address > of the encryptor? Never ever do this. You need to use --status-fd to get well

Re: Verify that the file is from who I expect it to be from

2017-10-27 Thread Werner Koch
On Fri, 27 Oct 2017 06:01, dan.ho...@redbone.co.nz said: > gpg2 --verify-sign Verification against a set of known keys is done using gpgv gpgv FILE which uses ~/.gnupg/trustedkeys.gpg. To specify another file with keys you use gpgv --keyring KEYRING FILE here is how we do this when
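The two replies above make one point: an unattended verifier must not grep the human-readable "Good signature" text, it must read the machine-readable status lines (--status-fd) and pin the expected key. Below is an added example of that check, not code from GnuPG or from the thread. The status lines it parses are constructed for illustration (the fingerprints and user ID are made up), so it runs offline; the keywords and the field positions of VALIDSIG follow doc/DETAILS in the GnuPG source. The optional gpgv wrapper at the end assumes a gpgv binary on PATH and is not exercised by the sample.

```python
"""Accept a signature only when gpg/gpgv's status output says so, and only
when the signing key belongs to an allowed primary key."""
import subprocess

STATUS_PREFIX = "[GNUPG:] "

# Any of these means the result must be rejected, regardless of what else
# was printed (a GOODSIG for one signature does not excuse a BADSIG for another).
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NODATA", "FAILURE"}


def parse_status(text):
    """Return [(keyword, [args])] for every '[GNUPG:] ' line in `text`."""
    out = []
    for line in text.splitlines():
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split()
            if parts:
                out.append((parts[0], parts[1:]))
    return out


def accepted(status_text, allowed_primary_fprs, exit_code=0):
    """True only if the process exited 0, nothing fatal was reported and
    exactly one VALIDSIG line names an allowed *primary* key fingerprint.
    GOODSIG by itself says nothing about whose key signed; the allowlist
    is the policy, not the key's user ID string."""
    if exit_code != 0:
        return False
    lines = parse_status(status_text)
    if any(kw in FATAL for kw, _ in lines):
        return False
    valid = [args for kw, args in lines if kw == "VALIDSIG"]
    if len(valid) != 1:
        return False          # no signature, or several: reject rather than guess
    args = valid[0]
    # VALIDSIG <fpr> <date> <ts> <expire-ts> <ver> <reserved> <pk-algo>
    #          <hash-algo> <sig-class> [<primary-key-fpr>]
    if len(args) < 9:
        return False
    primary = args[9] if len(args) > 9 else args[0]
    allowed = {f.replace(" ", "").upper() for f in allowed_primary_fprs}
    return primary.upper() in allowed


def verify_with_gpgv(keyring, sig_path, data_path):
    """Run gpgv against a dedicated keyring (never the user's default
    trust settings) and return (exit_code, status_text). Requires gpgv."""
    proc = subprocess.run(
        ["gpgv", "--status-fd", "1", "--keyring", keyring, sig_path, data_path],
        capture_output=True, text=True)
    return proc.returncode, proc.stdout


# Constructed sample transcripts; the key material does not exist.
SUBKEY_FPR = "0000111122223333444455556666777788889999"
PRIMARY_FPR = "AAAABBBBCCCCDDDDEEEEFFFF0000111122223333"
GOOD_SAMPLE = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] SIG_ID abc123 2018-02-28 1519830000\n"
    "[GNUPG:] GOODSIG 6666777788889999 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {SUBKEY_FPR} 2018-02-28 1519830000 0 4 0 1 8 00 {PRIMARY_FPR}\n"
    "[GNUPG:] TRUST_ULTIMATE 0 pgp\n"
)
BAD_SAMPLE = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 6666777788889999 Example Signer <signer@example.org>\n"
)

if __name__ == "__main__":
    print("good sample accepted:", accepted(GOOD_SAMPLE, [PRIMARY_FPR]))
    print("bad sample accepted: ", accepted(BAD_SAMPLE, [PRIMARY_FPR]))
```

Pinning the primary fingerprint from VALIDSIG's last field, rather than the key ID printed after GOODSIG or the user ID text, is what makes the check independent of keyring contents and of anyone uploading a look-alike key with the same name.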

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Werner Koch
On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: > checking for LIBGNUTLS... no The minimal requirement is GNUTLS 3.0 - please check that you have the 3.x -dev package installed. You should also consult config.log to check why GNUTLS was not found. Salam-Shalom, Werner -- Die

Re: gpg-agent 2.1 persistent socket between sessions

2017-10-25 Thread Werner Koch
On Wed, 25 Oct 2017 11:27, laurent.lav...@ladtech.fr said: > Actually the first time a gpg-agent is launched, it creates a socket in > /run/user/PID/gnupg/ but when i logout this folder is cleaned by systemd and > then if i come back i can't reconnect to the running gpg-agent because the > socket

Re: Importing an off-card backup of the encryption key of a Nitrokey fails with "no user ID"

2017-10-25 Thread Werner Koch
On Tue, 24 Oct 2017 21:23, sourcel...@mailbox.org said: > but I had hoped that it is possible to use the backup key without a > card. Any hints here, is this possible? There is no tool yet to do this. Let's track this at https://dev.gnupg.org/T3466 Salam-Shalom, Werner -- Die Gedanken

Re: gpg: [don't know]: 1st length byte missing

2017-10-22 Thread Werner Koch
On Sat, 21 Oct 2017 17:38, felix.k...@inka.de said: > See the attached file. When I try to decrypt it using `gpg -d`, I get: > > gpg: [don't know]: 1st length byte missing The data is corrupted. It consists of a probably corrected public key encrypted packet (with the encrypted session key)

Re: Key Storage Abstraction?

2017-10-16 Thread Werner Koch
Hello! On Sun, 15 Oct 2017 22:35, gnupg-users@gnupg.org said: > I've been looking for a way to provide GNUPGP with a custom I assume you mean GnuPG. > implementation of a key ring, as I gather there is such a thing as > WKS, but I cannot find any documentation on how I can implement this The

Re: 20171005-gnupg-ccid-card-daemon-UbuntuPhone

2017-10-14 Thread Werner Koch
On Fri, 13 Oct 2017 20:17, g...@unixarea.de said: > Thanks for your comments and the suggested changes. I can't change the > blog page due to missing write access there. The suggested changes are If you wish, send me a git diff and I will apply it. The link to the source is in the footer of the

Re: Redundant certificate in keyring

2017-10-12 Thread Werner Koch
On Tue, 3 Oct 2017 09:12, r...@sixdemonbag.org said: > Somehow, this cert got introduced into my keyring twice. I don't know I assume you are hit by https://dev.gnupg.org/T3446 most likely because you used auto-key-retrieve with Enigmail. > There appears to be a bug in the keybox code;

Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-12 Thread Werner Koch
On Wed, 11 Oct 2017 20:56, ved...@nym.hush.com said: > londo@londo-earth-trinket:~$ gpg2 --verbose --verbose --version > gpg (GnuPG) 2.1.11 > libgcrypt 1.6.5 > > Should I get the new Libcrypt? Yes, you should get 1.7. And while you are already at it, you better also update to gpg 2.2.1. There

Re: FAQ and GNU

2017-10-11 Thread Werner Koch
On Wed, 11 Oct 2017 09:15, n...@walfield.org said: > I'm aware of an effort that tried to port GnuPG to Android. bionic > was a source of several problems. As far as I know, the work is Actually we solved the Bionic problems a long time ago. The major problem was actually custom pinentry for

Re: FAQ and GNU

2017-10-11 Thread Werner Koch
On Tue, 10 Oct 2017 20:55, b...@adversary.org said: > Has anyone managed to get any part of the GPG libs to compile on > Android/Linux? As far as I'm aware no one has and all OpenPGP There might be problems with the current release but GnuPG is expected to build for Android just fine. And on

Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-11 Thread Werner Koch
On Tue, 10 Oct 2017 20:26, ved...@nym.hush.com said: > gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc. You left out the line which tells the libgcrypt version numbers like in $ gpg --version gpg (GnuPG) 2.2.1-beta1 libgcrypt 1.8.1 [...] Salam-Shalom,

Re: FAQ and GNU

2017-10-10 Thread Werner Koch
On Tue, 10 Oct 2017 04:06, r...@sixdemonbag.org said: > A request has been made that each instance of "Linux" in the FAQ be > replaced with "GNU/Linux". Some distros call themselves "Foo GNU/Linux" and if the part of the FAQ is about this specific distro, you should call it this way. However in

Re: Available Key Attributes Options

2017-10-09 Thread Werner Koch
On Mon, 9 Oct 2017 15:04, a...@nitrokey.com said: > I can manipulate the key attributes. But I am wondering where I can find > out what options I have for the last two parameters. Use the source, Luke. > So when do I have to use the '22' and in which case a '18'? Does it say That is the OpenPGP

Re: libpampoldi

2017-10-09 Thread Werner Koch
On Mon, 9 Oct 2017 10:37, a...@mecadu.org said: > I think poldi source code can be found here: https://github.com/gpg/poldi Note that the canonical location for Poldi is git://git.gnupg.org/poldi.git The github page actually states that this is an unofficial mirror. If you want to report a

Re: auto-key-retrieve usefulness/annoyance

2017-10-06 Thread Werner Koch
On Thu, 5 Oct 2017 21:06, d...@fifthhorseman.net said: > A more user-friendly approach (setting aside current architecture and > privacy concerns) would be to fire off a retrieval in the background and > to return immediately with something like "unknown key, retrieval Actually a similar thing

Re: GnuPG-card works in the Ubuntu smartphone

2017-10-05 Thread Werner Koch
Hi! Matthias wrote a HOWTO for the GnuPG blog: Shalom-Salam, Werner -- Thoughts are free. Exceptions are regulated by federal law.

Re: 1024 key with large sub key

2017-10-05 Thread Werner Koch
On Thu, 5 Oct 2017 18:39, r...@sixdemonbag.org said: >> Blowfish used to be the only freely available cipher when I started with >> gpg. > > ... wait, 3DES was patent-encumbered? Not that I know. But it was old and Blowfish was everywhere (in particular due to Schneier's book Applied Crypto).

Re: 1024 key with large sub key

2017-10-05 Thread Werner Koch
On Wed, 4 Oct 2017 22:29, r...@sixdemonbag.org said: > I know this wasn't addressed to me, but what the heck. I won't share my > preferences, but this is some modestly-accurate history. Thanks for sharing the history; here are some of my remarks. > Twofish became part of the suite of ciphers

Re: auto-key-retrieve usefulness/annoyance

2017-10-05 Thread Werner Koch
On Wed, 4 Oct 2017 20:01, tliko...@iki.fi said: > The result: There's a delay of several seconds every time I open the > message and in the end my email client (Gnus) says: I have exactly the same problem but I do it anyway - there is not much we can do about it. The default timeout for such

Re: 1024 key with large sub key

2017-10-03 Thread Werner Koch
On Sun, 1 Oct 2017 19:18, tim@gmx.net said: > this 1024 key has an 8192 sub key what is the meaning of such a large sub key? It means that a user of that key has a way to identify that subkey by means outside of gpg. That user and the holder of that key also have verified every bit of the

Re: 1024 key with large sub key

2017-10-03 Thread Werner Koch
On Mon, 2 Oct 2017 21:04, r...@sixdemonbag.org said: > I'd like to open a discussion about removing this option. Please not again. That whole large RSA key mess was a compromise to silence a very few individuals who had, well, interesting ideas on required key sizes. Sometimes it is easier to
