Re: nested verification?

2011-01-05 Thread Werner Koch
On Tue, 4 Jan 2011 22:37, johnicholas.hi...@gmail.com said: Is there a built-in way to reverse the double-dash mangling for nested clearsigned messages? gpg --verify --output inner.asc outer.asc Verifies the outer signature and writes the signed text to inner.asc which may then be verified

Re: clearsign failed: Bad signature

2011-01-09 Thread Werner Koch
On Sun, 9 Jan 2011 16:58, o...@enigmail.net said: since I'm not the only one that cannot use SHA256/SHA512 with the v2 card, may I ask you to test signing with an OpenPGP card v2 using hash I just checked the sources: It seems you are using 2.0.16 from gpg4win. This version does not support

Re: nested verification?

2011-01-10 Thread Werner Koch
On Wed, Jan 5, 2011 at 3:20 AM, Werner Koch w...@gnupg.org wrote:  gpg --verify --output inner.asc outer.asc Verifies the outer signature and writes the signed text to inner.asc which may then be verified as usual. Sorry, I was wrong. --verify does not output any data. You need to leave

Re: Organizing GPA public key list into favourites groups????

2011-01-11 Thread Werner Koch
On Tue, 11 Jan 2011 18:22, bo.bergl...@gmail.com said: When I open the preferences in GPA there are next to no settings at all that can be configured. :-( Select Edit-Backend_Preferences. This allows to change many more options. It is basically a menu for most of the configuration options of

Re: What is the benefit of signing an encrypted email

2011-01-12 Thread Werner Koch
On Wed, 12 Jan 2011 11:01, nicholas.c...@gmail.com said: in section 1.2 about not signing crypt texts? Am I right that openpgp always encrypts signed text, rather than signing encrypted text, and No. It is common practice to sign and encrypt. For gpg it is not the default. Before the

Re: Official gnupg signing key (0x1CE0C630) expired

2011-01-12 Thread Werner Koch
On Wed, 12 Jan 2011 04:56, k...@grant-olson.net said: I'm assuming this just needs the year end bump. Looks like it expired 12-31-2010. Right, I should have prolonged it again. The original plan was to switch to an OpenPGP v2 card in time. I didn't achieve that because I missed to buy an

[Announce] New signing key

2011-01-12 Thread Werner Koch
with this new 2048-bit RSA key which has also been generated on a smartcard: pub 2048R/4F25E3B6 2011-01-12 [expires: 2019-12-31] Key fingerprint = D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 uid Werner Koch (dist sig) sub 2048R/AC87C71A 2011-01-12 [expires

Re: Prosecution based on memory forensics

2011-01-13 Thread Werner Koch
On Thu, 13 Jan 2011 05:29, ds...@jabberwocky.com said: So GnuPG can't do this alone, but there are ways to configure GnuPG alongside other packages and/or the OS to be safe(r) here. For example, if you can arrange to run some commands as you are hibernating, you could get gpg-agent to

Re: Prosecution based on memory forensics

2011-01-13 Thread Werner Koch
On Thu, 13 Jan 2011 12:23, joh...@vulcan.xs4all.nl said: For Windows, TrueCrypt has a free open source solution to this in the form of system encryption. Does not help. Despite that we talked about hibernation, most users don't use S4 (Suspend-to-Disk) but the system goes into S3

[Announce] GnuPG 2.0.17 released

2011-01-13 Thread Werner Koch
Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.17. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to

Re: GnuPG 2.0.17's gpgtar option

2011-01-14 Thread Werner Koch
On Thu, 13 Jan 2011 18:19, sinde...@gmail.com said: Good to see 2.0.17 has been released, but I am somewhat mystified by the gpgtar option thing I saw at the end of ./configure. I have no idea what it is. Can anyone help me with this? For many years we have gpg-zip which is a wrapper around

Re: Prosecution based on memory forensics

2011-01-14 Thread Werner Koch
On Thu, 13 Jan 2011 11:50, nils.faer...@kernelconcepts.de said: I could write a very simple driver which provides a mmap()able memory area which the application can use, protected by the kernel, and which will be automatically cleared upon suspend. Would that solve the problem? Yes. How

Re: Prosecution based on memory forensics

2011-01-14 Thread Werner Koch
On Thu, 13 Jan 2011 17:55, ved...@nym.hush.com said: Usually, the screen saver will be activated by the OS well before hibernation begins. Sure, there are a lot of ways to hook into the suspend process. I was talking about a standard signal (SIGABOUTTOSUSPEND) so that gpg-agent could install

Re: Prosecution based on memory forensics

2011-01-14 Thread Werner Koch
On Fri, 14 Jan 2011 10:06, nils.faer...@kernelconcepts.de said: So, what do you think, would it be worth the effort? If it would help GnuPG and if you would like to use it I would offer to implement it and try to push it upstream. It would definitely be helpful because it makes a safe

Re: What does the sub entry of a key mean?

2011-01-16 Thread Werner Koch
On Sat, 15 Jan 2011 21:21, jroll...@finestructure.net said: describes in detail the meaning of the --with-colons output. It's exactly the reference you're looking for when writing a program to parse the --with-colons output. FWIW, gpgme provides a reference implementation for it. In general

Re: Prosecution based on memory forensics

2011-01-16 Thread Werner Koch
On Sat, 15 Jan 2011 00:25, gn...@oneiroi.net said: Discussion, yes - tough one I think. If you mean by that pushing syscall modification to mainstream - it's not mmap already has a lot of flags. Adding another flag value should be an easy task - assuming that one wants to use another bit

Re: gpg command output language???

2011-01-17 Thread Werner Koch
On Mon, 17 Jan 2011 14:14, bmarw...@googlemail.com said: LANG=C is always ANSII. For UTF-8 use en_EN.UTF-8. Sorry, we are talking about GnuPG's Windows port. The locale feature under Windows is very different from what we all know. GnuPG uses its own gettext implementation

Re: Do smartcards stay unlocked forever by design?

2011-01-18 Thread Werner Koch
On Mon, 17 Jan 2011 22:03, k...@grant-olson.net said: 1) Once I enter my pin, the card is unlocked as long as it's connected. It depends on the card application. For the OpenPGP card it is true for key 2 and 3. For key 1 see below. A reset operation locks the keys again. (Try:

Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread Werner Koch
On Wed, 19 Jan 2011 17:46, ds...@jabberwocky.com said: Not really (or at least, not within GnuPG). The thing is, it doesn't really matter in practice. OpenPGP has its own corruption detection called a MDC, that applies even if part of the armor (the END PGP MESSAGE) is missing. A truncated

Re: What is the benefit of signing an encrypted email

2011-01-19 Thread Werner Koch
Hi! I'd like to see a feature in MUAs to wrap the entire mail as presented in the composer into a message/rfc822 container and send the actual message out with the same headers as in the rfc822 container. This allows to sign the entire mail including the headers. On the receiving site the MUA

Re: GnuPG 2.1 beta released

2011-01-19 Thread Werner Koch
On Tue, 18 Jan 2011 15:14, bernh...@intevation.de said: Looks like it needs libassuan-2.0.1 and the configure check for this does not indicate it when running with libassuan-dev 2.0.0-0kk1. Right, the check is missing. I'll add it. BTW: Was there an announcement of libassuan 2.0.1?

Re: Do smartcards stay unlocked forever by design?

2011-01-19 Thread Werner Koch
On Tue, 18 Jan 2011 17:21, marco+gn...@websource.ch said: for me whenever the smartcard hasn't been used for some time. I do this to reduce the chance that someone can use the unlocked card while I'm away or when I forget to pull the card. That does only help if you have a pinpad equipped

Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread Werner Koch
On Wed, 19 Jan 2011 19:32, ds...@jabberwocky.com said: If I remember correctly, GPG only complains for invalid CRC. A missing CRC is legal, as the CRC is a MAY. I checked the code and there is a missing CRC message. I also recalled that the CRC is may. Looking again at it I noticed that I

Re: MacGPG2 v2.0.17 released!

2011-01-25 Thread Werner Koch
On Tue, 25 Jan 2011 00:03, benja...@py-soft.co.uk said: * Maximum key size increased to 8192 bits; recommended for expert users only I do not think this is a good idea. There is no point in such a long key size. The simplest reason against this is that the keysize is not the weakest link in

Re: MacGPG2 v2.0.17 released!

2011-01-25 Thread Werner Koch
On Tue, 25 Jan 2011 11:03, joh...@vulcan.xs4all.nl said: What kind of smartphone do you have? Since when does GnuPG exists for phones? I would be really interested in a Symbian version, or I would have to wait for Meego to become adult. N900 and HTC Touch Pro2, GnuPG 2.1 supports them. See

Re: SSH authentication using OpenPGP 2.0 smartcard

2011-01-25 Thread Werner Koch
On Tue, 25 Jan 2011 18:39, k...@grant-olson.net said: Actually, I also needed to run 'gpgkey2ssh 0xDEADBEEF ~/.ssh/authorized_keys so I could ssh into the box as well. You should use ssh-add -L which gives you the public key. The comment field has the card number. Shalom-Salam,

Re: Future plans for implementation of other algorithms

2011-01-26 Thread Werner Koch
On Wed, 26 Jan 2011 05:21, k...@grant-olson.net said: (Not that I'm saying there's anything wrong with using 1.4; I just doubt ECC will be back-ported.) Well, at some point in time we might need to do that. If there are many ECC keys in use there is probably a need for ECC for server

Re: Did I just fry my smartcard?

2011-01-30 Thread Werner Koch
On Sat, 29 Jan 2011 19:54, k...@grant-olson.net said: gpg: detected reader `SCM SCR 3310 [CCID Interface] 00 00' gpg: pcsc_connect failed: sharing violation (0x801b) Another process has locked the reader. Most likely this is either a gpg 1 or an scdaemon. grant@johnsmallberries:~$

Re: learning which symmetric cipher via --status-fd when --decrypting

2011-02-03 Thread Werner Koch
On Thu, 3 Feb 2011 08:28, d...@fifthhorseman.net said: is there a way for a program that parses --status-fd to get this Not yet. information, or does the program need to parse --logger-fd as well to better don't do that; the messages may change. What about this new feature:

Re: learning which symmetric cipher via --status-fd when --decrypting

2011-02-03 Thread Werner Koch
On Thu, 3 Feb 2011 21:13, d...@fifthhorseman.net said: This looks great. Thanks, Werner! Can we expect this in the 1.x and 2.0.x branches as well? Hmmm. If you really want that please put it into the tracker; there is a topic keyword backport. Shalom-Salam, Werner -- Die Gedanken

Re: moving user ID Comments to --expert mode

2011-02-03 Thread Werner Koch
On Thu, 3 Feb 2011 21:59, d...@fifthhorseman.net said: * new users see the prompt and think they need to enter something there, without understanding why or what to put there. This leads to people either making a witticism (e.g. No Comment), repeating their I have only seen a few of these

Re: moving user ID Comments to --expert mode

2011-02-06 Thread Werner Koch
On Fri, 4 Feb 2011 16:51, d...@fifthhorseman.net said: Some translation changes might still be worth doing; I would like to see the example User ID lose the comment (including (Der Dichter) in an english prompt is not helpful), and i think the wording should also be Fine with me, if we drop

Re: moving user ID Comments to --expert mode

2011-02-07 Thread Werner Koch
On Sun, 6 Feb 2011 20:46, d...@fifthhorseman.net said: The User ID is the most commonly-used way to *find* the key -- but it does not identify the key. It identifies the user. The fact that people are willing to cryptographically bind the User ID to the key (via In OpenPGP parlance the

Re: RFC 2015 / RFC 3156 (PGP/MIME) support

2011-02-07 Thread Werner Koch
On Mon, 7 Feb 2011 13:11, gnupg.u...@seibercom.net said: Can anyone tell me definitively if Microsoft Outlook, Exchange or Live Mail support RFC 2015 and preferably it's successor RFC 3156? Obviously, Outlook does not support it at all. I wrote a plugin, GpgOL, which brings rfc3156 support to

Re: gpgme passphrase help

2011-02-12 Thread Werner Koch
On Sat, 12 Feb 2011 12:25, alves@gmail.com said: recipients, i want the plugin to use a symmetric cipher. The problem is that i can't seem to figure out how to get the passphrase callback working (safely). From the GPGME manual I understood that it Under Windows you need to work with

Re: how to store the public keys in a db?

2011-02-14 Thread Werner Koch
On Sun, 13 Feb 2011 13:34, ikrabbe@gmail.com said: don't think that it will result into a bottleneck before reaching 10^6-10^12 keys (I didn't prove this statement!). This won't work. We do a sequential scans of the pubring.gpg all the time. This includes the computation of fingerprints

Re: GPGTools: short introduction

2011-02-15 Thread Werner Koch
Hi, thanks for explaining the project. I looked at your packes and found no reason not to include it. In particular the quick links to the license files were helpful for checking that this is indeed all about free software. I added GPGTools to the related software section and also featured it

Re: How do I import an X.509 Certificate onto an OpenPGP smartcard?

2011-02-15 Thread Werner Koch
On Sun, 13 Feb 2011 01:41, k...@grant-olson.net said: Firstly, can I actually import a certificate like this onto the card? Or do I simply misunderstand the specs? Yes. Secondly, is there a command somewhere in gpg/gpgsm/gpg* to do this, or is it specified and implemented on the OpenPGP

Scute keys (was: How do I import an X.509 Certificate onto an OpenPGP smartcard?)

2011-02-15 Thread Werner Koch
On Sun, 13 Feb 2011 01:41, k...@grant-olson.net said: Thirdly, the SCUTE docs start by generating a certificate request from your OpenPGP authentication key. In this scenario, are you just using the Same RSA key for both your OpenPGP and X509 certificates? Does the Yes, it is possible to

Re: SSH authentication using OpenPGP 2.0 smartcard

2011-02-15 Thread Werner Koch
On Thu, 27 Jan 2011 16:01, pat...@debian.org said: I've got 2 readers: OmniKey CardMan 3121 (USB device) OmniKey CardMan 4040 (PCMCIA device) All Omnikey based readers don't work with 2k keys. There is a hack in scdaemon which sometimes helps, but in general they are not supported; neither

Re: [gpgtools-org] GPGTools: short introduction

2011-02-22 Thread Werner Koch
On Wed, 16 Feb 2011 14:52, steveb...@gulli.com said: GPGMail: www.gpgmail.org no longer exists, please update link to MacGPG2: although the SF page still exists, it is planned to be I updated both; should go online with the net rebuild this night. Salam-Shalom, Werner -- Die Gedanken

Re: GnuPG Card with ssh authentication problems

2011-02-27 Thread Werner Koch
On Sun, 27 Feb 2011 06:43, br...@frogandbear.net said: I do find it a little odd that GnuPG's very own (and from the looks of it, old) documentation (1) lists the 3121 as a supported reader, along with several other outdated models. Sorry for that, the howto is a bit outdated. Omnikey based

Re: GPA -

2011-02-27 Thread Werner Koch
On Sun, 27 Feb 2011 17:54, noloa...@gmail.com said: I recently installed GPA. I'm trying to locate a friend's public key by either name or email address. GPA appears to only offer Key ID (which I don't have). You have to use the command line: gpg2 --search-key f...@example.org then

Re: PGP/MIME considered harmful for mobile

2011-02-27 Thread Werner Koch
Hi, I once hoped the discussion about MIME vs. crufty inline signatures has been settled a long time ago. Today that even Microsoft Outlook handles it correctly for more than 7 years, the new excuse seems to be some buggy new mail applications. I don't buy such an excuse. MIME is so primitive

Re: Restarting gnupg-agent inside X session

2011-03-01 Thread Werner Koch
On Tue, 1 Mar 2011 02:41, da...@systemoverlord.com said: Other than on systems where $HOME is on a filesystem that does not support sockets (e.g., NFS/CIFS/etc.), is anyone aware of an issue with the use of --use-standard-socket? Seems like it would make restarting GnuPG 2.1 will use

Re: GnuPG Card with ssh authentication problems

2011-03-01 Thread Werner Koch
On Sun, 27 Feb 2011 20:16, k...@grant-olson.net said: If you want someone to cleanup and update the howto, I volunteer. I just need to know the name of the cvs project. 'card-howto' didn't seem to work. It is the module card-howto in the gpgweb repository. However, I recently started to

[Announce] Libksba 1.2.0 released

2011-03-01 Thread Werner Koch
Hello! We are pleased to announce version 1.2.0 of Libksba. Libksba is an X.509 and CMS (PKCS#7) library. It is for example required to build the S/MIME part of GnuPG-2 (gpgsm). The only build requirement for Libksba itself is the libgpg-error package. There are no other dependencies; actual

Re: OpenPGP Card source

2011-03-03 Thread Werner Koch
On Thu, 3 Mar 2011 16:28, lists.gn...@mephisto.fastmail.net said: Is the source code that lives in the OpenPGP card, v2.0, as implemented in the Kernel Concepts/Zeitcontrol version, available anywhere for review? No, it is not available. The smart card OS is - as usual - proprietary. Achim

Re: OpenPGP Card source

2011-03-04 Thread Werner Koch
On Thu, 3 Mar 2011 20:44, da...@systemoverlord.com said: I suppose this begs the question -- since the card has access to raw keys, how confident can we be that no back doors exist in the card? We can't. However, we can't be confident about our general purpose CPUs either. A few hundred

Re: Byteformat of a RSA signature

2011-03-07 Thread Werner Koch
On Mon, 7 Mar 2011 13:23, christoph.rachin...@ce.stud.uni-erlangen.de said: mpi_data_from_buffer. So I hope anyone can tell me the format of the RSA signature or just tell me the offset, where I need to start reading the MPI. There is no fixed offset; you need to parse OpenPGP packets. This

GnuPG 2.1 beta 2 released

2011-03-08 Thread Werner Koch
Hello! We just released the second *beta version* of GnuPG 2.1. It has been released to give you the opportunity to check out the new features. It is marked as a beta version and the plan is to release a couple more betas in the next months before we can declare 2.1.0 stable enough for

Re: Signature Verification using GPG

2011-03-08 Thread Werner Koch
On Tue, 8 Mar 2011 14:53, christoph.rachin...@ce.stud.uni-erlangen.de said: I'm currently trying to write a kernel module that checks digital signatures of binaries. For the cryptographic part I'm using the sourcecode of GPG 1.4.11 (the SHA1 computation, the RSA verification and FWIW: You

Re: For Windows

2011-03-14 Thread Werner Koch
On Sat, 12 Mar 2011 01:40, k...@grant-olson.net said: - GPG4WIN is the right package to install gpg2 on windows, so you've got the right installer. It's a shame GPA doesn't work with a screen reader. What is the problem with GPA? It is a plain gtk+ application and thus should have the same

Re: For Windows

2011-03-14 Thread Werner Koch
On Mon, 14 Mar 2011 11:57, thaj...@gmail.com said: I use a screen reader called JAWS For Windows. The GUI is not screen reader accessible, meaning I can not use the Arrow keys, Tab, Shift+Tab I see that you are talking about GPA for Windows. It is quite possible that this is not up to what the

Re: For Windows

2011-03-14 Thread Werner Koch
On Mon, 14 Mar 2011 13:23, gnupg.u...@seibercom.net said: Perhaps a possible solution would be to freeze GNUPG at its present state of development. Now, start the creation of a new branch that Fortunately this is not required. GnuPG does not know about mail; it does not even know about

Re: For Windows

2011-03-14 Thread Werner Koch
On Mon, 14 Mar 2011 14:17, r...@sixdemonbag.org said: Inline signatures /are/ standards. RFC 4880 is far newer than RFC 3156: by your logic, 4880 should supersede 3156 and we should all move to the current standard and abandon 3156 support. You are mixing the MIME standards with the OpenPGP

Re: GPG and PGP

2011-03-14 Thread Werner Koch
On Mon, 14 Mar 2011 15:50, ved...@nym.hush.com said: (btw, Disastry is the one who wrote the IDEA.dll module, specifically to bridge the gap between gnupg and pgp users.) Hmmm, the signature claims that I wrote it. However, I still recommend not to use it. Salam-Shalom, Werner -- Die

Re: GPG and PGP

2011-03-15 Thread Werner Koch
On Mon, 14 Mar 2011 17:53, ved...@nym.hush.com said: Disastry's signature is on the ideadll file in the ideadll.zip file on his site. So you trust some binary blob? .-) Is that your signature on the idea.c module from key ID 621CC013 ? Yes. Back in 1997 I implemented PGP 2 compatible code

Re: GPG and PGP

2011-03-16 Thread Werner Koch
On Wed, 16 Mar 2011 06:33, b...@adversary.org said: Okay, so that would cover 3DES too? Surely there can't be many No. DES and thus 3DES have a blocksize of 64 bit. The blocksize is not related to the keysize. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein

Re: libgcrypt git repository

2011-03-21 Thread Werner Koch
On Mon, 21 Mar 2011 15:44, k...@grant-olson.net said: Run the commands without '/trunk'. I'm guessing that's an artifact from the subversion command. Ooops. I only looked at the top of the page where it is okay. I'll fix the other places. Salam-Shalom, Werner -- Die Gedanken sind

Re: 4096 bit keys

2011-03-23 Thread Werner Koch
On Wed, 23 Mar 2011 03:33, jpcli...@tx.rr.com said: Could be in OpenPGP later this year. Camellia was fairly fast. It is not required to be in OpenPGP (technically a new RFC to extend rfc4880). We have always added new features to OpenPGP before we had an RFC for it. It is basically, that

Re: gpg-agent troubles

2011-03-24 Thread Werner Koch
On Thu, 24 Mar 2011 18:40, kap...@mizera.cz said: 1. gpg-agent ignores changed values in ~/.gnupg/gpg-agent.conf after SIGHUP. I have to kill/restart him ?! Depends on the option you want to change. Most are re-read after a HUP or with gpgconf --reload gpg-agent (which of course sends a HUP

Re: [PGPNET] Jerome

2011-03-26 Thread Werner Koch
On Sat, 26 Mar 2011 16:50, jer...@jeromebaum.com said: summarize: gpg-agent seems to have problems handling thrown keyids. You mean the current development version? Quite possible; that is for what development versions are for. For 2.0.x there can't be a problem because gpg-agent does not

Re: Public keys on smartcard

2011-03-31 Thread Werner Koch
On Thu, 31 Mar 2011 15:51, gpgika...@armax.se said: my pubring.gpg/secring.gpg) I must also have a card containing the trustdb-file and perhaps even a gpg.conf file? No, you don't need the internal stuff like trustdb and pubring. Take the public key from a keyserver or another resource and

Re: gpgme-1.3.0 make error

2011-04-07 Thread Werner Koch
On Wed, 6 Apr 2011 22:52, do...@dougbarton.us said: /usr/local/lib/libassuan.so.0: undefined reference to `gpg_err_set_errno' He should update libgpg-error. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Re: GnuGP Error

2011-04-07 Thread Werner Koch
On Thu, 7 Apr 2011 04:25, bshadl...@hertz.com said: We are using GnuGP 1.1.3 on a few PCs, all able to decrypt using 1 public I assume you mean Gpg4win 1.1.3 which includes a relative new GnuPG version. key. I can use it on my PC, but a new user on a new PC is getting constant errors.

Re: gpgme-1.3.0 make error

2011-04-07 Thread Werner Koch
On Thu, 7 Apr 2011 10:22, spelb...@gmail.com said: - libgpg-error-1.10 (Went OK) This is okay. /usr/local/lib/libassuan.so.0: undefined reference to `gpg_err_set_errno' Looking again at your compile log: libtool: link: gcc -I/usr/local/include -I/usr/include -g -O2 -Wall

Re: correct date when verify the signature

2011-04-12 Thread Werner Koch
On Tue, 12 Apr 2011 08:47, db...@freemail.hu said: Every time when i verify any signature, i get the following date: gpg: Signature made 04/09/11 The first 2 digit of the year is always missing. What is the reason of it? That is defined by your locale. Run locale to see the settings for the

Re: A better way to think about passwords

2011-04-25 Thread Werner Koch
On Mon, 25 Apr 2011 20:04, kloec...@kde.org said: from those living with you (i.e. you do not trust them) then you better make sure those other people are either computer-illiterate or never have unattended access to your computer. and you should also always check the cabling of your box.

Re: Best practice for periodic key change?

2011-05-05 Thread Werner Koch
On Thu, 5 May 2011 08:52, aheinl...@gmx.com said: We have a OpenPGP key which we use for signing our software releases. That key should be changed yearly and carry an expiration date to enforce this change. However, for the signatures to be useful, the key has to be signed by quite a lot of

Re: Best practice for periodic key change?

2011-05-05 Thread Werner Koch
On Thu, 5 May 2011 17:07, mailinglis...@hauke-laging.de said: Are there people who check the subkey IDs of old and new signatures, get confused by a change despite of gpg saying it's all right (which IMHO demands they have not understood the concept of subkeys)? No they are confused that I

Re: https://lists.gnupg.org X.509 certificate is expired

2011-05-08 Thread Werner Koch
On Fri, 6 May 2011 23:59, d...@fifthhorseman.net said: When i point a web browser at https://lists.gnupg.org, i get a warning that the server's X.509 certificate is expired (it has a CN of trithemius.gnupg.org and several subjectAltNames, including lists.gnupg.org). Quite possible; I don't

Re: How do I list all recipient of a message (including myself)?

2011-05-16 Thread Werner Koch
On Thu, 12 May 2011 04:49, li...@mgreg.com said: I am writing application in which I need to know if a GnuPG encrypted message was sent to me. It seems that whenever you list the recipients of a message it will list every recipient but you -- even if you're one of them. Surely there's a way

Re: Displaying signature algorithms when doing --check-sigs, disabling algorithms for web of trust.

2011-05-16 Thread Werner Koch
On Sat, 14 May 2011 22:42, zirconiumnz...@gmail.com said: Werner if you read this thread please reply. Thanks. I don't understand the context, what was your question? How to disable a certain algorithm? (--disable-cipher NAME). I recall that there was a long thread about something with

Re: Why is --allow-non-selfsigned-uid needed to import this key?

2011-05-17 Thread Werner Koch
On Mon, 16 May 2011 19:32, steve.stro...@link-comm.com said: root:~ gpg --import test-key.gpg gpg: key CBF38289 was created 137948617 seconds in the future (time warp or clock problem) Try the option --ignore-time-conflict . Shalom-Salam, Werner -- Die Gedanken sind

Re: GPG Problem - invalid radix64 character

2011-05-17 Thread Werner Koch
On Tue, 17 May 2011 00:35, jer...@jeromebaum.com said: were made for different purposes and I think you're stretching GPG very far if you want to encrypt big streams of data. That's more something OpenSSL As a Unix tool GPG is designed to work on arbitrary data lengths. The problem is merely

Re: ksba_cms_set_enc_val failed: Invalid S-expression

2011-05-17 Thread Werner Koch
On Tue, 17 May 2011 12:20, max.van.po...@gmail.com said: I want to encrypt files with an X.509 public key DSA 1024 bits. With public I once did some test with DSA under X.509 but that was all. It is very likely that it won't work in a real environment. Virtually nobody is using DSA with X.509.

Re: Key generation on card fails with key sizes larger than 1024 bits

2011-05-17 Thread Werner Koch
On Sat, 14 May 2011 18:12, ventur...@gmail.com said: I purchased a v2 OpenPGP card for use with a SCM SCR335 card reader, attempting to generate keys larger than 1024 bits fails, I've been This should definitely work. To help you we need more input: What version of GnuPG are you running (gpg

Re: Why is --allow-non-selfsigned-uid needed to import this key?

2011-05-17 Thread Werner Koch
On Mon, 16 May 2011 22:12, steve.stro...@link-comm.com said: easy to ask the user for the date. What would the security implications be of just setting the clock to a fixed future date before importing the key? I can see no problems from GnuPG's perspective. I suggest to start with a fixed

Re: Key generation on card fails with key sizes larger than 1024 bits

2011-05-18 Thread Werner Koch
On Tue, 17 May 2011 19:39, ventur...@gmail.com said: No, I assumed I didn't need to as the reader works fine with the internal CCID driver (I can fetch card status, edit card details generate 1024bit keys on the card) Sure, it is the reader I used for many years. I am currently using a 3310

Re: Key generation on card fails with key sizes larger than 1024 bits

2011-05-19 Thread Werner Koch
On Thu, 19 May 2011 00:26, ventur...@gmail.com said: for FreeBSD, the implementation of libusb has diverged/lagged (i'm not sure which tbh) where anything that depends on a recent version of libusb is broken on anything newer than FreeBSD 7.x, this includes pcscd which can't be built with USB

Re: GnuPG language setting

2011-05-26 Thread Werner Koch
On Wed, 25 May 2011 19:27, janne.ink...@iki.fi said: I am having a problem with GnuPG text ui-language. My windows is in english, but GnuPG is in swedish. I know I can fix this issue with lang=en environment variable, but I am having this wrong language problem in several other software

Re: GPG Problem - invalid radix64 character

2011-05-27 Thread Werner Koch
On Fri, 27 May 2011 00:04, gro...@caseyljones.net said: volume. The advantage of those is that a single bit error is likely to only affect one file. If you archive the files before transferring FWIW, it is the same as with OpenPGP. The used CFB mode re-syncs soon after the bad block.

Re: GPG Problem - invalid radix64 character

2011-05-29 Thread Werner Koch
On Fri, 27 May 2011 10:48, jer...@jeromebaum.com said: There is still a compression step by default though, right? I know gzip has Right. I forgot to mention that. Unless gpg figures that the data is already compressed, it will be compressed before encryption. Salam-Shalom, Werner --

Re: GnuPG language setting

2011-05-31 Thread Werner Koch
On Mon, 30 May 2011 23:10, makro...@gmail.com said: I wish application developers would understand a simple fact: language choice can't be computer-wide, it must be *application specific*. Language choice is user specific, however users may start applications with other language setting (cf.

Re: Working with a system-shared keyring

2011-06-03 Thread Werner Koch
On Thu, 2 Jun 2011 00:41, dpmc...@gmail.com said: 1. Does anyone else have experience with a shared among users keyring? Be warned that future gpg versions may not support the use of multiple keyrings. It is not easy to define the semantics for this as it is similar to a translucent

Re: uninstall problems

2011-06-03 Thread Werner Koch
On Thu, 2 Jun 2011 18:18, ian.m.fie...@lmco.com said: I was attempting to uninstall gnupg-w32cli-1.4.11 from my machine. I That is quite possible; I have not tested the uninstall feature for years. 1.4.x is not recommended for Windows; you better use gpg4win which features GnuPG 2.0.

Re: Problem with faked-system-time option

2011-06-05 Thread Werner Koch
On Fri, 3 Jun 2011 21:32, ama...@dizum.nl said: In doc\gpg.man of my gnupg 1.4.11 I found --faked-system-time epoch This option is only useful for testing; it sets the system time You need to use GnuPG-2, Gpg4win installs gpg2 under the name gpg but older installations don't. The

Re: Problem with faked-system-time option

2011-06-07 Thread Werner Koch
On Sun, 5 Jun 2011 21:15, ama...@dizum.nl said: To begin with, I wonder whether I have to drag along all those 25 MB The light installer is 15MB. iconv.dll). Is there a chance to slim it down in case I only need to create / delete keys and encrypt / sign / verify messages? Yes, in theory

Re: Assuan processing failed

2011-06-10 Thread Werner Koch
On Thu, 9 Jun 2011 20:51, li...@meumonus.com said: I'm running GnuPG 1.4.9 on Windows. I'm trying to cache a passphrase 1.4.9 is old; 1.4.11 is the current version. using gpg-preset-passphrase so I can batch decrypt a couple hundred If you are using the agent you better use gpg2 which is

Re: Working with a system-shared keyring

2011-06-10 Thread Werner Koch
On Thu, 9 Jun 2011 22:38, do...@dougbarton.us said: IMO that would be a serious regression. I have several different But fixes a lot of problems. The keyring is a database and if we distribute this database to several files without a way to sync them; this leads to problems. You may have not

Re: Generate digest and signature seperately

2011-06-13 Thread Werner Koch
On Sun, 12 Jun 2011 23:15, m...@kerrickstaley.com said: Is it possible to generate the digest for a file, and then create the signature from that digest later? No, this is not possible. We once considered to implement such a feature but dropped that plan. The technical problem is that with

Re: Problem with faked-system-time option

2011-06-16 Thread Werner Koch
On Wed, 15 Jun 2011 21:50, d...@fifthhorseman.net said: According to whois, that's Werner and g10 code GmbH. Werner, can you comment on any policy for use of @gnupg.org notations? Would it help if If it is a reasonable thing I see no problem to register it and setup an email alias or

Re: Problem with faked-system-time option

2011-06-27 Thread Werner Koch
On Thu, 16 Jun 2011 15:58, ds...@jabberwocky.com said: key signature mean? Unless it's marked critical, the web of trust code in both GPG and PGP will treat those signatures as fully qualified ones and not just timestamp-only, yet if it is marked This is why one should use a separate key for

Re: DH Key

2011-06-27 Thread Werner Koch
On Thu, 23 Jun 2011 22:10, l...@brooks.nu said: Thanks for the reply. I don't know if a lot of people face this issue, but if so, I would recommend putting it in the FAQ. It would Done. http://www.gnupg.org/faq/GnuPG-FAQ.html#what-are-dh-dss-keys Salam-Shalom, Werner -- Die Gedanken

Re: Error messages when generating new keys

2011-06-27 Thread Werner Koch
On Fri, 24 Jun 2011 00:42, onemailid4mailingli...@edpnet.be said: I'm a newbie GPG user. I'm using Linux and GPG2. When generating new keys, I get several error messages: Please describe exactly what you are doing and what versions of GnuPG are you using. Are you using a smartcard? Which

Re: gpg-agent asks for ssh passphrase, although the private key has no passphras set

2011-06-27 Thread Werner Koch
On Sun, 26 Jun 2011 21:29, git...@safe-mail.net said: I am using gpg-agent to manage my one and only ssh key. I generate my (private) ssh key via openpgp2ssh from my private gpg key. Unfortunately, although my private gpg key is not password protected, gpg-agent asks me for a passphrase (via

Re: timestamp notation @gnupg.org

2011-06-28 Thread Werner Koch
On Mon, 27 Jun 2011 15:31, jer...@jeromebaum.com said: While I didn't see/read the ages-old thread that was mentioned before, you allegedly even agreed to implement something roughly equivalent in the past. Did I? I only recall that once I changed the generation code to make sure the

Re: timestamp notation @gnupg.org

2011-06-28 Thread Werner Koch
On Tue, 28 Jun 2011 11:56, jer...@jeromebaum.com said: How about the use cases I presented? Any problems with those? timestamp-inter...@gnupg.org I assume. I tried to find the first reference of it, but several pages of mails indented so that they even don't show up on my screen without

Re: timestamp notation @gnupg.org

2011-06-28 Thread Werner Koch
On Tue, 28 Jun 2011 15:43, jer...@jeromebaum.com said: Why limit the choices to 0 and key creation time? How about just an option --set-timestamp=int that sets the timestamp? Is that easy to do? It is some work because we need to figure out the lower limit for the timestamp for each sign
