Re: Agent forwarding issue

Hi, Werner Koch via Gnupg-users wrote: > On Fri, 5 Apr 2024 13:03, Todd Zullinger said: > >> In such a case, it sounds like it may be reasonable to use >> the normal socket? Until the remote side is updated to > > In fact, I also did this for som

Re: Agent forwarding issue

Bee via Gnupg-users wrote: > In the mean time, you could put something along the lines of: > > {CmdCalls ; } 2>&1 | grep -v -e "^gpg: problem with fast path key > listing: Forbidden - ignored$" or something, to keep that output out > of your stderr stream. I think there's a downside to that (but

Re: Agent forwarding issue

Hi Werner, Werner Koch via Gnupg-users wrote: >> gpg: problem with fast path key listing: Forbidden - ignored > > I'll suppress that message in --quiet mode for the next release. Excellent, thanks! > When doing a secret key listing (which happens with -K but also in > --with-colons mode)

Agent forwarding issue

Hi, I have been working on setting up agent forwarding¹. One issue which I have not yet found a solution for is that gpg prints the following to stderr when performing actions involving the agent: gpg: problem with fast path key listing: Forbidden - ignored Both hosts are running

Re: 32768-bit key

Robert J. Hansen via Gnupg-users wrote: >> I don't know that there's anything to file a bug about. I >> don't see any non-rsa4096 keys on the Tails website: > > One of their certificates has a Curve-25519 subkey. I wonder if that's what > the original poster saw, and mistook it for being a

Re: 32768-bit key

Robert J. Hansen via Gnupg-users wrote: >> The TailsOS team has a key that's wy over 16384-bit. > > I suggest filing a bug report with them and asking them why they ignore the > best practices of cryptography. I don't know that there's anything to file a bug about. I don't see any non-rsa4096

Re: [Announce] GnuPG 2.4.1 released

Werner Koch via Gnupg-users wrote: > On Fri, 28 Apr 2023 11:21, Todd Zullinger said: > >> It seems neither of these files have not made it to the >> server yet: > > Sorry for that. I have used a new build machine and obviously forgot > one of the last steps.

Re: [Announce] GnuPG 2.4.1 released

Hi, Werner Koch via Gnupg-users wrote: > Getting the Software > > > Please follow the instructions found at or > read on: > > GnuPG may be downloaded from one of the GnuPG mirror sites or direct > from its primary FTP server. The list of

Re: gpg: can't handle public key algorithm 18

Mike Schleif wrote: > Yes, I see that. > > However, our public key was generated by our GPG; and this file is > encrypted with our public key, since there is NO missing "secret key" error. > > Why, then, the subject error message? Perhaps the file is signed by an ECDH key? I can only guess.

Re: gpg: can't handle public key algorithm 18

Mike Schleif wrote: > $ gpg --version > gpg (GnuPG) 2.0.22 > libgcrypt 1.5.3 > > $ cat /etc/system-release > CentOS Linux release 7.9.2009 (Core) Algorithm 18 is ECDH, which is not supported by gpg on CentOS 7. You can confirm this in the Pubkey line of the gpg --version output: $ gpg

Re: Difference between versions--Question

K S via Gnupg-users wrote: > It would be helpful to know why I can't get compression in my build. I've > tried to build from source three times now. > > There are so many packages in Ubuntu with zip, zlib, and bzip2 in the name > I can't begin to try them all. I've looked at config.log and it

Re: GnuPG 2.2.36 released

Bernhard Reiter wrote: > Am Montag 11 Juli 2022 14:50:24 schrieb Konstantin Ryabitsev via Gnupg-users: >>> See https://dev.gnupg.org/T5949#159890 for why it doesn't work for you. >> >> Ah, okay, that's unfortunate. I guess I'll skip this release, since I can't >> verify it without building gnupg

Re: Error importing fetching key from wkd

Konstantin Ryabitsev via Gnupg-users wrote: > FYI, I also provide gnupg22-static and gnupg23-static packages that can be > rebuilt and installed on RHEL 7+ (though I haven't tried on RHEL9): > > https://copr.fedorainfracloud.org/coprs/icon/lfit/packages/ > > They install into /opt and can be

Re: Error importing fetching key from wkd

Hello again, I wrote: > Dirk Gottschalk via Gnupg-users wrote: >> A workaround for this is to download the SRPM, remove the >> line '--disable-brainpool' and rebuild the package. > > Ahh, excellent. That's a relatively recent change. It's > available in the Fedora (and RHEL) libgcrypt-1.10

Re: Error importing fetching key from wkd

Hi, Dirk Gottschalk via Gnupg-users wrote: > A workaround for this is to download the SRPM, remove the > line '--disable-brainpool' and rebuild the package. Ahh, excellent. That's a relatively recent change. It's available in the Fedora (and RHEL) libgcrypt-1.10 packages which I believe are

Re: Error importing fetching key from wkd

Hi, Werner Koch via Gnupg-users wrote: > On Wed, 25 May 2022 22:58, Dirk Gottschalk said: > >> $ gpg --with-colons --list-config curve >> cfg:curve:cv25519;ed25519;cv448;ed448;nistp256;nistp384;nistp521;secp25 >> 6k1 > > This should read > >

Re: Odd error

Hi, Werner Koch wrote: > I looked at the Fedora Libgcrypt source and noticed that they ship > libgcrypt with the nistp192 and all brainpool curves removed. I have > not yet build this version but given that one of your keys has brainpool > curves this might be the culprit. > > I can understand

Re: setrlimit failure on aarch64 (was: Interesting failure on aarch64)

Werner Koch via Gnupg-users wrote: > On Fri, 20 Dec 2019 11:22, Konstantin Ryabitsev said: > >> On x86_64 this succeeds, but when I tried building on aarch64, that step > [...] >> gpg: Fatal: can't disable core dumps: Operation not permitted > > setrlimit returns an unexpected error code: >

Re: Interesting failure on aarch64

Hi Konstantin, Konstantin Ryabitsev wrote: > I came across an interesting gpg failure while trying to build > git-2.24.1 RPM for Fedora COPR. As part of RPM build, the prep stage > attempts to verify the tarball signature using Junio's PGP key: > > %prep > # Verify GPG signatures >

Re: Keyserver access changes in GnuPG

Wiktor Kwapisiewicz via Gnupg-users wrote: > Hello all, > > I recently saw a message from one of Fedora's maintainers: > >> Coming soon to Fedora30 (rawhide), gnupg v1.4.x renamed to gnupg1. Also >> dropping keyserver support at Werner's suggestion since upstream plans to >> disable that soon.

Re: Errors while creating an g13 encrypted container.

Dirk Gottschalk via Gnupg-users wrote: > Am Freitag, den 13.04.2018, 11:40 +0200 schrieb Werner Koch: >> On Fri, 13 Apr 2018 03:49, gnupg-users@gnupg.org said: >> >>> There is neither a command or package named userv, nor a script >>> called >>> 'gnupg-g13-syshelp' in the repositories. The binary

Re: Will gpg 1.x remain supported for the foreseeable future?

Dan Kegel wrote: > - might save time and anguish if apt-key (and thus gpg[v]?) accepted > armored keyrings even if filename ends in .gpg I think that's https://dev.gnupg.org/T2290, in case you want to follow it or submit a patch to implement it. Werner did provide some details about how it would

Re: fingerprint of key

Daniel Kahn Gillmor wrote: with more modern versions of gnupg, you can just use: gpg --with-fingerprint --import-options show-only --import < public-key-file.asc FWIW, I've used "gpg --with-fingerprint public-key-file.asc" for what seems like years to do this sort of quick fingerprint

Re: Can't import valid GPG keys in Ubuntu

Jim Dever wrote: I'm sure he meant to reply to the list. Unfortunately this list doesn't generate a Reply-To back to the list so if one just hits Reply it goes back to the original sender and not to the list. I've been called on this before until I realized what was happening. If anyone on

Re: Finding key ID of a keypair

Dion Moult wrote: It's passphraseless, it's DSA, and that's pretty much all I know. I made it quite a long time ago, perhaps through ssh-keygen. If you created the key with ssh-keygen, then it's an SSH key, not an OpenPGP key. The two systems, ssh and gpg, do not use the same key formats. For

Re: gnupg vs. gnupg2

Suno Ano wrote: - there is one utterly annoying fact with gpg2 which is the graphical windows which keep poping up http://i43.tinypic.com/154yb04.png How can I get rid of them and have the behavior of gpg which just stays in the shell? You can use the curses pinentry program. The

Re: How to use the Apple Product Security PGP Key + Protecting Security Information ~~ F.Y.I.

gerry_lowry (alliston ontario canada) wrote: The Internet took off when Microsoft, for better or worse, included and promoted Internet Explorer in Windows 95, thus beginning the so called browser wars. That's quite arguable. Why do you assume that MS introducing IE *cause* the internet to

Re: Setting up a new laptop - importing keyrings

Anne Wilson wrote: I'm setting up a new netbook, and have copied into the .gnupg folder my keyrings and associated files from this laptop. Kgpg lists the keys correctly, but all is not well. When I try to set keys for signing and encryption I get the endless searching bar, as Chris

Re: GNUPGHOME for Linux?

Stefan X wrote: On Linux I would like to change the homedirectory from ~/.gnupg to /something/else. Defining GNUPGHOME has no effect on my Linux system while it worked on Windows. Does this option not exist in GnuPG for Linux? How to define something similar. GNUPGHOME works fine on linux.

Re: Import Secret Key

Thomas Chitwood wrote: I need to import an additional secret key to my keyring. I am running gpg 1.4.5. What is the command to do this? I thought it would be gpg --import-secret-keys key id, but that doesn't seen to work. Two problems: 1) There is no --import-secret-keys option. See the

Re: Removing all installed versions of GNUPG

giangios wrote: When I run the command: rpm -q gnupg, now doesn't show any gnupg installation, but I can use it. Right -- rpm only knows about packages you add via rpm packages, not about random things you compile from source. Now I need to point the distribution packages (CENTOS 4.2) to use

Re: gpg-agent/ssh-add asking for passphrase at first usage

Axel Thimm wrote: some years ago I did create a nice gpg-agent --enable-ssh-support setup that would register ssh keys with the agent, but the agent would only ask for the passphrase when ssh would try a connection. Now I upgraded my system and this doesn't work anymore. What exactly

Re: GnuPH with PHP / install

PeterM wrote: I need access to gpg with PHP through accounts on my server such as: /home/first_account/.gnupg /home/other_account/.gnupg through cPanel I can also install( have) public keys for each domain/account, but cannot access gpg in the server's root directory. Any advice will be

Re: keypair to/from armor format

Steven Woody wrote: I don't trust any electrical medium ( USB disk, DVD-R and so on ) as backup copy of my keypairs. I think I want hardcopy of my keys. In the user manual, however, I learned how to export/import public keys ( in armor mode ). but I don't see how to do the same on the private

Re: IDEA

Jan 23 2008 Todd Zullinger [EMAIL PROTECTED] - 1.4.5-13.1 +- include the IDEA cipher + * Thu Mar 1 2007 Nalin Dahyabhai [EMAIL PROTECTED] - 1.4.5-13 - incorporate patch from Werner to work around clients which can't tell that multiple plain messages have been processed (#230457

Re: GnuPG in Linux

Charly Avital wrote: My question, please help: where, how can I find and open, actually open and edit as required, gpg.conf? A ls search in .gnupg lists 'options'. I remember that gnupg.options was the ancestor of gpg.conf (probably before gnupg 1.2.*). Just rename (mv) options to gpg.conf.

Re: How to use GnuPG to generate sha512sum hash?

Moses wrote: I want hash some strings by using GnuPG, I know GPG have hash function, but I can't find how to do it in the manuals or other documentations on the official website. What's parameters used by GPG for hash? Furthermore, I would like use sha-512 hash strings from standard input,

Re: Questions about generating keys

Oskar L. wrote: Name must be at least 5 characters long Why? There are probably many people who like to go only by their first name, and have a 3 or 4 character name. It's generally considered useful to follow the typical format for a user id (FirstName LastName [EMAIL PROTECTED]). You are

Re: where i can download gpgsm?

redstar wrote: thanks but where is official site of gpgsm downloads? its made by werner koch right or its debian application??? No, it's not a Debian app. See http://www.gnupg.org/(en)/download/index.html GnuPG 2.0 GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and

Re: Can't generate new keys

rocko wrote: When i try to make a new key i get the following error: gpg: no writable public keyring found: eof Key generation failed: eof I'm using Ubuntu 7.04 and logged on as regular user. I've generated a key before but i used: sudo gpg --gen-key that works fine. I just can't seem to do

Re: Can't generate new keys

rocko wrote: Your right it seems my permissions are wrong: [EMAIL PROTECTED]:~$ ls -la .gnupg/ total 40 drwx-- 2 acidblue acidblue 4096 2007-06-03 15:42 . drwxr-xr-x 72 acidblue acidblue 4096 2007-06-03 17:59 .. -rw--- 1 acidblue acidblue 28 2007-05-19 11:47 gpg.conf -rw---

Spurious warning when using pgp compatibility modes?

Hi all, With sig-keyserver-url $URL in gpg.conf: $ gpg --pgp7 --detach-sign test You need a passphrase to unlock the secret key for [...] gpg: can't put a preferred keyserver URL into v3 signatures Now, I know that I can't do that but I don't want to be told about it every time I sign

Re: The Polish language in gnupg.spec is horrible

Werner Koch wrote: we have this https://bugs.g10code.com/gnupg/issue676 bug report in the tracker. I'd appreciate if someone else speaking Polish can check the supplied patch https://bugs.g10code.com/gnupg/file84/corrected-polish.diff.gz I can't help with the translation, but I

Re: The Polish language in gnupg.spec is horrible

Werner Koch wrote: You need to create an account first. Sorry for that but it avoids spam and helps to make people think before they use the tarcker as a help forum. I add a comment. Yeah, understandable. I had created an account and still didn't see any obvious way to add a comment. I may

Re: GPG fails to verify clamav

Roy Carin wrote: I downloaded clamav 0.90rc3 from http://sourceforge.net/project/showfiles.php?group_id=86638package_id=90197release_id=483125 I want to verify the integrity of the downloaded file. When I do gpg --keyserver random.sks.keyserver.penguin.de --verify

Re: Info doc conflict between 1.4.6 and 2.0.1?

Werner Koch wrote: On Thu, 7 Dec 2006 05:37, [EMAIL PROTECTED] said: I don't recall seeing this before, but I don't use the info docs much, so maybe I've just missed it previously. It seems that 1.4.6 changed the texinfo file to use the dircategory GNU Utilities just as 2.0.1 does. 1.4.5

Re: Signed patch against 2.0.1

Werner Koch wrote: Here comes a signed patch against 2.0.1 for those who care to verify signatures ;-). Thanks Werner. Seems that the list archives scrub the attachment, which makes it less useful than it'd be otherwise, 'cause you can't point others to the signed patch. If any of the list

Re: Fwd: GnuPG 2.0.1 compile error

David Shaw wrote: Ok. The problem is simple: you don't have zlib installed, or at least don't have the zlib development package installed. I'm not sure what it's called on Ubuntu, but there is probably some variation of zlib and some variation on zlib-devel. You need zlib-devel. It

Re: encrypt the sent folder

John Clizbe wrote: Sounds unreasonable to me. It's completely beyond our scope to implement. That seems more like not feasible than unreasonable. But the results are the same. :-) Thank you for the explanation. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp

Re: encrypt the sent folder

Eray Aslan wrote: I thought it was a mis-configuration on my part. Nope. As John pointed out this is simply not feasible to do from within Enigmail based on the way it has to interact with Thunderbird. If you don't trust the IMAP server admins, then you should store your mail somewhere you

Re: encrypt the sent folder

Robert J. Hansen wrote: Todd Zullinger wrote: That seems more like not feasible than unreasonable. But the results are the same. :-) Infeasible: we have the manpower, we have the tools, we have the talent, but the architecture is working against us in a big way. Unreasonable: our

Info doc conflict between 1.4.6 and 2.0.1?

I was updating my system to 1.4.6 today and noticed the following in the make install output (I've got 2.0.1 installed already): install-info: menu item `gpg' already exists, for file `gnupg' I don't recall seeing this before, but I don't use the info docs much, so maybe I've just missed it

Re: Info doc conflict between 1.4.6 and 2.0.1?

Charly Avital wrote: I am MacOS X user (10.4.6), unable till now to compile 2.0.1 (posted a few messages explaining why). If you are MacOS X user, could you please explain how you succeeded to compile 2.0.1. Thanks. Sorry, I'm using linux. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL:

Re: encrypt the sent folder

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eray Aslan wrote: Surely there must be a better way. These all require admin access to the IMAP server. The software already does what I want some of the time (when I send the recipient encrypted email). I just want it to do it all the time.

Re: Logo ballot reminder

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wouter van Heyst wrote: It certainly was enough to make my brain register it as unreadable, I only went back to it when Warner mentioned the deadline again. Looking at it now I agree it is rather minimal as far as html goes, but it's still not

Re: pgp.sig as an attachment

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian wrote: I am using GnuPG with Apple Mail and the GPGMail plugin. When I sign a message, the mail is sent with the attached file pgp.sig. However, I would prefer to have the signature inside the message and not in an attachment. How

Re: sig!3 entry vs sig! entry on certain GnuPG keys from the PuTTY software site

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alphax wrote: There is a default certification level option that can be used either on the command line or in a config file - normally GnuPG will ask you for the certification level when you sign a key, but the default /can/ be used if the right

Re: How to verify the file was successfully encrypted...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Rockway wrote: BTW, why are you encrypting these files anyway? If someone broke into your computer they could just steal the crypto key too. True, unless the private key isn't kept on the same machine. Which also would negate the

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Atom Smasher wrote: pgp Key Signing Observations: Overlooked Social and Technical Considerations http://www.linuxsecurity.com/content/view/121645/49/ there's a few sections in that article that might be of interest. Indeed, thank you Atom!

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Klöcker wrote: Try CA-Bot (http://cabot.alioth.debian.org/). Thanks Ingo. I haven't used it myself because I'm using a self-written script for creating challenges with KMail. Could you elaborate a little on the procedure you use to generate

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus Frings wrote: * Todd Zullinger [EMAIL PROTECTED] wrote: What I don't see in any of the links is more information about sending an email challenge before signing a key. (My apologies if I'm overlooking it on your page or any of the others

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ingo Klöcker wrote: On Friday 07 July 2006 17:09, Todd Zullinger wrote: [...] But that does mean that you can't get a signed key to someone if the key you've signed doesn't have any encryption capabilities, correct? That's obviously correct

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi David, David Shaw wrote: I've been away on vacation and only picked up this thread now. Hope it was relaxing. Welcome back seems like a negative thing to say. ;) This statement is not correct. Back in the PGP 2.x days, this might have been

Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm putting together a short talk for my local LUG as we're planning to have a keysigning party in the near future and some folks want to hear more details so they'll understand better. I was wondering if some folks here have detailed their

Re: Keysigning challenge policies/procedures

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus Frings wrote: * Todd Zullinger [EMAIL PROTECTED] wrote: I was wondering if some folks here have detailed their challenge policies and procedures and if you'd mind sharing them if you have? Even handier would be some scripts to help

Re: mime and pgp.asc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 alifbaa wrote: I am currently using GPG 1.4.3 on my mac powerbook G4 OSX 10.4.6 I hope that this is the right forum to post this question, but when i send an email with attachment and encrypt and sign it, it converts the message into two

Re: sha2 utilities: Print or check SHA-2 digests

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 rmyster wrote: Yes, suse 10.1 with coreutils-5.93-20. In the info manual, sha2 is mentioned under section 6.6 (sha2 utilities) and all it says is The usage and options of these commands are precisely the same as for `md5sum'. While this isn't

Re: GnuPG asks for confirmation...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 engage wrote: On Thursday 01 June 2006 08:59 pm, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client automatically display

Re: GnuPG asks for confirmation...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Brown wrote: On Thu, Jun 01, 2006 at 10:59:54PM -0400, Todd Zullinger wrote: engage wrote: Why is someone sending an encrypted message to this list? It's not encrypted. It's just signed and armored. Doesn't your mail client

Re: Signing vs. encrypting was: Cipher v public key.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janusz A. Urbanowicz wrote: gpg integrates better with autimation and I really doubt that there is current, supported PGP for anything else than windows and mac. While I prefer gnupg to pgp myself, I did just happen to see a reference to pgp

Re: How to tell the gpg agent to forget a passphrase

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Gellert wrote: Hi, is there any documentation on the commands that the gpg agent understands? info gnupg has documentation on gpg-agent. I'm not sure if it has all that you're looking for, but it should be a good start. I am usign gpg