To my knowledge, no (explicit) agent forwarding is required for
ProxyJump configurations.
I am using the following configuration to access a LAN machine over the
Internet. Both machines use the GnuPG key for authentication.
Host rdeep
HostName 192.168.1.151
ProxyJump verbuecheln.ch
Thomas wrote:
Hi,
this is exactly what I thought.
However, there's no solution for it.
Let me repeat my comments posted previously to get an overview what is
working...
Actually I have a working setup on Windows 10, but here I use another
terminal emulator: MobaXterm.
And in the settings of
Hi,
this is exactly what I thought.
However, there's no solution for it.
Let me repeat my comments posted previously to get an overview what is
working...
Actually I have a working setup on Windows 10, but here I use another
terminal emulator: MobaXterm.
And in the settings of MobaXterm I
Thomas via Gnupg-users wrote:
Hello Stephan,
thanks for your reply.
When you say I should modify ~/.ssh/config, where is this file?
On jumphost?
You need to configure SSH agent forwarding on your client, which will
provide access to your local SSH agent at the jumphost via the SSH
Hello Stephan,
thanks for your reply.
When you say I should modify ~/.ssh/config, where is this file?
On jumphost?
Actually I have a working setup on Windows 10, but here I use another
terminal emulator: MobaXterm.
And in the settings of MobaXterm I enabled SSH forwarding.
As of now I don't
On 25.11.23 13:24, Thomas Schneider via Gnupg-users wrote:
> Hello Stephan,
>
> thanks for your reply.
>
> When you say I should modify ~/.ssh/config, where is this file?
> On jumphost?
>
> Actually I have a working setup on Windows 10, but here I use another
> terminal emulator: MobaXterm.
>
Hello Stephan,
thanks for your reply.
When you say I should modify ~/.ssh/config, where is this file?
On jumphost?
Actually I have a working setup on Windows 10, but here I use another
terminal emulator: MobaXterm.
And in the settings of MobaXterm I enabled SSH forwarding.
As of now I don't
Hello Stephan,
thanks for your reply.
When you say I should modify ~/.ssh/config, where is this file?
On jumphost?
Actually I have a working setup on Windows 10, but here I use another
terminal emulator: MobaXterm.
And in the settings of MobaXterm I enabled SSH forwarding.
As of now I don't
Coincidentally, I have a similar setup. Fortunately, you do *not* need
Agent Forwarding for authentication via jump hosts.
The entry for your host (in “~/.ssh/config”) for this host should look
something like this:
Host myalias
HostName myserver.com
ProxyJump jumpserver.net
Hello,
I'm trying to configure a solution for this use case:
SSH SSH
Client > Jumphost > Server
(Windows 11) (Linux) (Linux)
I connect a Nitrokey security-token (that is comparable to Yubikey) with
OpenPGP keys to
Hi,
Recently I have been working with GPG and 2 smartcards (Yubikey).
Despite some information here an there on internet, some things are
still not clear to me.
My setup has 1 master key with 6 subkeys, twice 3 keys for different
purposes(A,E,S). So each smartcard will receive 3 keys
Yes, will do that. And the full chain from start to finish with a test
key. Deal.
On 8/19/22 16:25, Andrew Gallagher wrote:
> On 19 Aug 2022, at 17:17, kho wrote:
>>
>> Thanks for this fast, complete and clear answer.
>>
>> I am going to see if I can still pick up somewhere or just remove all I
On 19 Aug 2022, at 17:17, kho wrote:
>
> Thanks for this fast, complete and clear answer.
>
> I am going to see if I can still pick up somewhere or just remove all I
> did and start all over by following your steps.
Just a note of caution: since it is quite an involved process I would
verification. There is no equivalent ability for
> encryption subkeys, as clients will encrypt to only the most recent valid
> encryption subkey. If you lose/break the smartcard with the only copy of an
> encryption subkey then there is no way to recover.
>
> You can save the same
f the keys before you remove them from
> the disk. If both cards are broken you can still type the keys in and
> create a new smartcard. Exact procedures depend on your threat model.
>
>
> Salam-Shalom,
>
>Werner
>
___
d2 is stolen. Then I revoke the smartcard2 subkeys
No need to. Save a paper copy of the keys before you remove them from
the disk. If both cards are broken you can still type the keys in and
create a new smartcard. Exact procedures depend on your threat model.
Salam-Shalom,
Werner
--
turn during verification. There is no equivalent ability for encryption
subkeys, as clients will encrypt to only the most recent valid encryption
subkey. If you lose/break the smartcard with the only copy of an encryption
subkey then there is no way to recover.
You can save the same key material
Hi,
Recently I have been working with GPG and 2 smartcards (Yubikey).
Despite some information here an there on internet, some things are
still not clear to me.
My setup has 1 master key with 6 subkeys, twice 3 keys for different
purposes(A,E,S). So each smartcard will receive 3 keys. It works
On Thu, 11 Aug 2022 17:25, Sosthène Guédon | Nitrokey said:
> That makes sense to me. However why offer curves not supported by the
> hardware?
Because we can't now what curves a certain smartcard supports. The
announcement of the car capabilities is a relative new and optional
OpenPG
On Thu, 11 Aug 2022 14:58, Sosthène Guédon | Nitrokey said:
> I'm using gpg 2.2.36 and a OpenPGP smart card implementation we are
> currently developing.
You should better use the stable branch (2.3) instead of the LTS.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the
n 8/11/22 15:30, Ingo Klöcker wrote
Only experts will be able to make an educated decision between P-256 and
P-384. It's good to give "normal" people less choice by default because more
choice will just confuse them even more. Even having to choose between
Curve25519 and P-384 will be too much
On Donnerstag, 11. August 2022 09:39:24 CEST Sosthène Guédon | Nitrokey via
Gnupg-users wrote:
> I don't understand why generating a key on a smartcard only offers
> Curve25519 and P-384 for ECC cryptography unless the --expert flag is used.
You are asking the question the wrong way. Why
Hi!
Please share your GnUPG version and the type of smartcard you are using
with us. A 9 year old commit is not very helpful.
I'm using gpg 2.2.36 and a OpenPGP smart card implementation we are currently
developing.
You're right the commit itself isn't very helpful, here are is the code
Hi!
Please share your GnUPG version and the type of smartcard you are using
with us. A 9 year old commit is not very helpful.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
signature.asc
Description: PGP
Hi!
I don't understand why generating a key on a smartcard only offers Curve25519
and P-384 for ECC cryptography unless the --expert flag is used.
P-384 is offered even when the hardware key doesn't support it and other curves
which the hardware supports are not offered which is confusing.
Why
Well, I think I could extend my SPR332 [mod][1]:
* Add a push-button that one has to press to close the C7 circuit for
I/O. Without that button pressed, the smart card cannot communicate
with the reader. That means, for every operation, one would need to
hold that button, kind of
Jacob Bachmeyer via Gnupg-users writes:
>> After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], […]
>
> Does your smartcard reader have its own keypad for entering the PIN?
yes
___
Gnupg-users mailing list
Gnupg-users@gnu
Felix E. Klee wrote:
After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can
use it to decrypt as many files as I want. While this is convenient, it
is not great if the system is compromised and I forget to unplug the
card reader.
Is there any way to limit how long the OpenPGP
On Thu, 27 Jan 2022 at 14:54, Matthias Apitz wrote:
> gpgconf --reload scdaemon
Gotta try that, maybe execute it with a timer, better than nothing.
Best would be if the card itself could be configured to only do a
certain number of operations after being unlocked. I think everything
else is
After I unlock an OpenPGP SmartCard V2.1 in my SPR332 [mod][1], I can
use it to decrypt as many files as I want. While this is convenient, it
is not great if the system is compromised and I forget to unplug the
card reader.
Is there any way to limit how long the OpenPGP SmartCard remains
Thank you for the feedback and suggestions. As happens in most open source
software, a few updates and weeks later, key regeneration worked just fine. So
the error may have been some library mismatch.
Updating the beginner documentation with these debugging suggestions may divert
some amateurs
On Sat, 4 Sep 2021 12:11, Borden said:
> According to gpg --card-status, I have an OpenPGP card v. 2.1 made by
> LogoEmail (that's not from whom I bought it, so I'm not sure if the
Note that re-configuring a card is only possible with certain cards; it
is an optional feature of the
Hi Borden,
Am Samstag 04 September 2021 12:11:34 schrieb Borden via Gnupg-users:
> Can I get some troubleshooting guidance to understand this output and why
> I cannot generate a new encryption key?
in general, increasing verbosity helps to understand better what is going on.
For most GnuPG
if the information is even
correct).
I'm trying to follow
https://gnupg.org/howtos/card-howto/en/smartcard-howto.html . I get to part
3.3. When I type "generate" and enter the requested information, I get the
following output after a brief pause:
gpg: signing failed: Invalid
Hi!
On Fri, 6 Aug 2021 18:36, Joey Berkovitz said:
> I was looking through the Smartcard commands and found that while most
> commands related to attribute changes output an SC_OP_SUCCESS, except for
> the name change command which doesn't output a success message on the
> status-f
Hi,
I was looking through the Smartcard commands and found that while most
commands related to attribute changes output an SC_OP_SUCCESS, except for
the name change command which doesn't output a success message on the
status-fd.
The relevant code for each of the attribute commands is listed
On Sun, 20 Jun 2021 18:57, mailinglisten--- said:
> is there any educated guess, when some safe curve (25519?) will find
> their ways into openPGP smart cards?
Yubikeys and the Gnuk token support 25519 for a long time now. For the
Zeitcontrol card, I can't give a concrete timeline.
On Sun, 2021-06-20 at 18:57 +, mailinglisten--- via Gnupg-users
wrote:
> is there any educated guess, when some safe curve (25519?) will find
> their ways into openPGP smart cards?
Some cards already support Curve25519; I'm signing this with my
Nitrokey Start (which is really a Gnuk) using my
Hi there,
is there any educated guess, when some safe curve (25519?) will find
their ways into openPGP smart cards?
regards
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Donnerstag, 7. Januar 2021 10:47:35 CET Bernhard Reiter wrote:
> Hi,
>
> just wanted to report that that Cherry ST-2100 smartcard reader
> responded without further configuration on Debian Buster
> with gnupg2-2.2.20-1~bpo10+1.
>
> Do we have a good place to collect exp
Hi,
just wanted to report that that Cherry ST-2100 smartcard reader
responded without further configuration on Debian Buster
with gnupg2-2.2.20-1~bpo10+1.
Do we have a good place to collect experience reports about devices
and tokens?
Just tested gpg --card-status, do we have a good test (plan
Vincent Pelletier wrote:
> I would like to announce my implementation of a software CCID card
> reader targeting the Linux gadget subsystem, along with a smartcard OS
> and openpgp card application to use with this reader.
Great. (And thanks for the patches for tests of Gnuk. I'll ap
ect-agent 'SCD CHECKPIN AAABBBCCCDDD' /bye
("AAABBBCCCDDD" being the serial number of the smartcard)
regards,
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
On Tue, 29 Dec 2020 15:13, Journeyman said:
> that SCD commands do not require the PIN.
The PIN is passed to the card and processed by the card. Thus the card
decides on whether an operation needs a PIN. Usually the PIN is
required only once and valid until the card is powered down
(e.g.
Howdy,
usually I unlock my Yubikey and enter its PIN when I need to decrypt a
file.
Sometimes I'd like to unlock the smartcard without really interacting
with the private key stored there.
Is there an SCD command that allows me to do this? I've read the GNUPG
manual but couldnt really find
of a software CCID card
reader targeting the Linux gadget subsystem, along with a smartcard OS
and openpgp card application to use with this reader.
- CCID card reader:
https://github.com/vpelletier/python-usb-f-ccid
- smartcard OS:
https://github.com/vpelletier/python-smartcard
- OpenPGP app
On Donnerstag, 10. Dezember 2020 11:57:53 CET Heiko Carrasco via Gnupg-users
wrote:
> I recently got the "new" version of GnuPG 2.2.24 through my distribution
> and noticed some form of bug together with my smartcard.
It's a regression. It has already been fixed. See below. Yo
Hello,
I recently got the "new" version of GnuPG 2.2.24 through my distribution
and noticed some form of bug together with my smartcard.
When I attempt to use gpg to decrypt something I get the following
error:
$ gpg -d test.gpg
gpg: encrypted with 4096-bit RSA key, ID 1632F70C0F46310
Using gpg (GnuPG) 2.2.19, is there a way to specify a reader when multiple
readers are available? For example:
$ gpg --card-status --reader FEITIAN
gpg: WARNING: "--reader-port" is an obsolete option - it has no effect
except on scdaemon
I seem to only be able to interact with smartcards or the
aybe confiscicated at an Airport etc.?
>
> Well, that's the argument for having at least primary/cert key and encryption
> subkey not *only* on the smartcard but also in a safe place somewhere.
>
> For a signature subkey it doesnt matter then if you lose it (just make a new
> one),
ment for having at least primary/cert key and encryption
> subkey not *only* on the smartcard but also in a safe place somewhere.
>
> For a signature subkey it doesnt matter then if you lose it (just make a new
> one), and for an authentication subkey you need to prepare to have
*only* on the smartcard but also in a safe place somewhere.
For a signature subkey it doesnt matter then if you lose it (just make a new
one), and for an authentication subkey you need to prepare to have some
alternative means of access (or also a backup).
--
Andreas K. Hüttel
dilfri...@gentoo.org
> On 7 Mar 2020, at 23:13, Stefan Claas via Gnupg-users
> wrote:
>
> What I would like to know how people handle the case when a SmardCard gets
> lost,
> broken or maybe confiscicated at an Airport etc.?
I generate my keys in a copy of Tails and then copy to smartcard witho
Andreas K. Huettel via Gnupg-users wrote:
> Hi all,
>
> so here's a question that I'm sure people here have already been thinking
> about... Like probably many others here I have a gpg smartcard with three
> subkeys Sign, Encrypt, Authenticate, and an offline Certify master
Hi all,
so here's a question that I'm sure people here have already been thinking
about... Like probably many others here I have a gpg smartcard with three
subkeys Sign, Encrypt, Authenticate, and an offline Certify master key at a
safe
place.
* If I want to let my Signature subkey expire
> (...)
> If no PIN has been verified, the --card-status command will only ever
> print out the contents of private DOs #1 and #2.
>
> While we are at it, *writing* to the private DOs #1 and #3 requires the
> user PIN, and writing to the private DOs #2 and #4 requires the admin PIN.
>
> You can
On Fri, Jan 31, 2020 at 12:55:05AM +0100, mailing list wrote:
I hoped these objects may have been (read) protected by the PIN, but
they´re world readable if you have the card, a bit sad...
Only Private DOs #1 and #2 are readable without any PIN. Reading the
private DO #3 requires the user
On Fri, Jan 31, 2020 at 12:39:11AM +0100, mailing list wrote:
By the way, is mcl3 the length of the key currently living on the
smartcard or the maximum key length supported by this card?
Neither of those. It's the maximum length of the "Cardholder certificate
DO". This is another d
> (...)
> You can use the (undocumented) command "privatedo" from GnuPG's
> --card-edit menu. For example, to write into the private DO #1:
> (...)
>> And can GnuPG read these objects?
>
> Yes. If a private DO contains a value, it will be listed in the output
> from the --card-status command.
I
an use the (undocumented) command "privatedo" from GnuPG's
> --card-edit menu. For example, to write into the private DO #1:
Great, thanks!
> S EXTCAP gc=1+ki=1+fc=1+pd=1+mcl3=2048+aac=1+sm=0+si=5+dec=0+bt=1+kdf=1
By the way, is mcl3 the length of the key currently living on
read these objects?
Yes. If a private DO contains a value, it will be listed in the output
from the --card-status command.
I read somewhere, the size of these objects is 2048 bytes each. How
many of these objects do exist on a smartcard?
First, note that private DOs are an optional feature of
these objects?
I read somewhere, the size of these objects is 2048 bytes each. How many
of these objects do exist on a smartcard?
Thanks!
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Hi,
When using keytocard, the keyring is informed that the key is now
stored on a smartcard... only (unless removed explicitly).
If the smartcard is unavailable (lost or whatever), is there an *easy*
way to tell the agent to automatically use the local key, if present ?
Basically
Dirk-Willem van Gulik wrote:
> During a pretty standard create key; key to card cycle (scripted) - I got an
> error
>
> gpg: OpenPGP card not available: Card removed
>
> just after the ‘save’ in the —edit-key. A subsequent status check gives me:
>
> gpg2 --card-status
> gpg:
During a pretty standard create key; key to card cycle (scripted) - I got an
error
gpg: OpenPGP card not available: Card removed
just after the ‘save’ in the —edit-key. A subsequent status check gives me:
gpg2 --card-status
gpg: OpenPGP card not available: Card
Exmos. Senhores,
Recebemos a informação que tiveram hoje a amabilidade de nos transmitir e que
muito agradecemos.
Vamos imediatamente analisar o caso e responderemos com a máxima brevidade
possível ao vosso pedido. Assim que for possível, o Serviço de Apoio ao Cliente
entrará em contacto
On Sat, 2 Nov 2019 12:20, Horst Skatmus said:
> I do not understand how the gpg-agent determines where to look for the
> private key (disk or smartcard) and where this is configured. I can switch
> off the scdaemon via --disable-scdaemon but this has no effect.
At the time you us
Hello,
Horst Skatmus wrote:
> The only problem I have is that the gpg-agent always checks for the
> smartcard even when keys are not stored on a smartcard.
When gpg-agent works as ssh-agent, it always checks (possible)
authentication key on smartcard, so that the authenticaiton key
I have installed GnuPG Windows on a Windows 10 machine and I'd like to use
it with Putty as key based ssh authentication together with a smartcard. I
got everything working fine.
The only problem I have is that the gpg-agent always checks for the
smartcard even when keys are not stored
On Tue, Oct 15, 2019 at 10:52 PM NIIBE Yutaka wrote:
> Hello,
>
> I think that your configuration of smartcard is somehow broken.
>
The only thing I have been able to confirm is that gpg, at some point after
2.0.22, stopped allowing the use of the same subkey in multiple slots.
I just realized my reply did not go to the list.
-- Forwarded message -
From: alejandro Cortez
Date: Tue, Oct 15, 2019 at 9:43 AM
Subject: Re: Cannot decrypt from smartcard using gnupg-2.2, can from 2.0
To: Niibe Yutaka
On Mon, Oct 14, 2019 at 12:18 AM Niibe Yutaka wrote
alejandro Cortez wrote:
> gpg: public key decryption failed: Invalid ID
This means that something goes wrong in your private key file for
your token, I suppose.
> Can anyone help debug this?
You can see more information, by following command line:
$ gpg-connect-agent "KEYINFO --list" /bye
and for/from other people during that time. I've used the
smartcard on 3 different hosts (also 14.04) by using fetch and running
card-status. On gnupg-2.2, whether signed or not, attempting to decrypt a
file with me as the recipient fails with:
gpg: public key decryption failed: Invalid ID
gpg
encrypted to a public key are hybrid encryption: the
asymmetric (public/private) crypto is used to establish a per-message
shared secret. This shared secret is used by a symmetric encryption
algorithm to encrypt the actual data.
The smartcard does the asymmetric part of it all by itself, the comp
On 04/04/2019 16:10, Peter Lebbing wrote:
> I don't expect 4k RSA to be very snappy, though. You might want to
> reconsider your choice of algorithm and/or length.
On the v2.1 Zeitcontrol cards, 4096 bit RSA takes a couple of seconds
per operation. This is fine if you're just doing bits and
On 04/04/2019 14:06, Thomas Glanzmann wrote:
> I'm looking for a recommendation for a cardsized 4 kbit RSA smartcard
> with 3 keyslots
Well, the ZeitControl card, which was the first OpenPGP Card on the
market, is now at version 3.3 which would seem to support what you ask
for.[1]
Hello,
I'm looking for a recommendation for a cardsized 4 kbit RSA smartcard
with 3 keyslots which works with Linux und Windows and gnupg. Has anyone
a recommendation. At the moment I use yubikey but I aquired a laptop
with a smartcard reader that I would like to use in order to free up an
USB
On 04/09/18 11:01, Peter Lebbing wrote:
> On 04/09/18 10:17, Andrew Gallagher wrote:
>> And I have just confirmed (by sending that mail) that both the first
>> auth operation AND the first signing operation fail, separately.
>
> I have no idea, it's quite curious. As an added bread crumb to
On 04/09/18 10:17, Andrew Gallagher wrote:
> And I have just confirmed (by sending that mail) that both the first
> auth operation AND the first signing operation fail, separately.
I have no idea, it's quite curious. As an added bread crumb to follow:
what do the PIN retry counters say after the
On 04/09/18 09:11, Andrew Gallagher wrote:
> Hi, all.
>
> I've had a pgp smartcard v2.1 for years now (two, actually), and I've
> noticed that no matter what operation I perform, the first attempt after
> inserting the card, or waking from sleep with the card inserted, fails.
Hi, all.
I've had a pgp smartcard v2.1 for years now (two, actually), and I've
noticed that no matter what operation I perform, the first attempt after
inserting the card, or waking from sleep with the card inserted, fails.
Example:
```
andrewg@fred:~$ ssh my.server
sign_and_send_pubkey
tanding of and working with it.
>I became a member of Free Software Foundation Europe, and got a
>smartcard. I wanted to use it.
>
>And that is where the trouble started:
>I intended to copy all my personal keys to the smart card.
>In Kleopatra, I selected "Tools/Manage smartcards
Dear GnuPG,
I am already using GnuPG for a long time. But try to improve my
understanding of and working with it.
I became a member of Free Software Foundation Europe, and got a
smartcard. I wanted to use it.
And that is where the trouble started:
I intended to copy all my personal keys
On 16/08/18 07:52, Felix E. Klee wrote:
> PS: I’m toying with the idea of switching from my smart card to a
> Trezor hardware token. This would mean generating an entirely new key
> (only 256 bit ECC supported).
I didn't look at the Trezor to check, but I'll assume it allows usage
with GnuPG
On Wed, Aug 15, 2018 at 1:57 PM Peter Lebbing wrote:
> > https://gist.github.com/cipriancraciun/c8a0dfb973b586053c167fec91093d9c
>
> Hey, that systemd service file seems to basically grab cryptsetup
> handling from the clutches of systemd, enabling all sorts of operations
> not possible with
On 06/08/18 08:38, Ciprian Dorin Craciun wrote:
> My script and systemd service file can be found at the following link:
>
> https://gist.github.com/cipriancraciun/c8a0dfb973b586053c167fec91093d9c
Hey, that systemd service file seems to basically grab cryptsetup
handling from the clutches of
On Wed, Aug 1, 2018 at 7:32 PM Peter Lebbing wrote:
> AFAIK, this is just systemd delegating passphrase querying to the
> physically present user. I suppose if you could somehow influence where
> it got the passphrase from, there might be a way to achieve it, but I
> have no idea how. That's all
Dirk Gottschalk via Gnupg-users writes:
> Is it possible to encrypt an external USB drive in LUKS format with an
> OpenPGP smartcard? The device is, until now, only passphrase encrypted
> and mounted on detect.
>
> Would it be possible to let gpg ask for the PIN of the card, it i
On 01/08/18 18:16, Dirk Gottschalk wrote:
> Coult this be raplaces by the smartcard
> to use the gpg key in some way?
AFAIK, this is just systemd delegating passphrase querying to the
physically present user. I suppose if you could somehow influence where
it got the passphrase from, there
Hi,
Am Mittwoch, den 01.08.2018, 18:06 +0200 schrieb Peter Lebbing:
> On 01/08/18 17:41, Dirk Gottschalk via Gnupg-users wrote:
> > Is it possible to encrypt an external USB drive in LUKS format with
> > an
> > OpenPGP smartcard?
>
> On a system with systemd: no, I d
On 01/08/18 17:41, Dirk Gottschalk via Gnupg-users wrote:
> Is it possible to encrypt an external USB drive in LUKS format with an
> OpenPGP smartcard?
On a system with systemd: no, I don't think this can be done. Systemd
doesn't want to implement cryptsetup keyscripts, and those would be
Hi.
Is it possible to encrypt an external USB drive in LUKS format with an
OpenPGP smartcard? The device is, until now, only passphrase encrypted
and mounted on detect.
Would it be possible to let gpg ask for the PIN of the card, it it's in
locket state?
Regards,
Dirk
--
Dirk Gottschalk
* GnuPG Users [2018-06-30 13:22]:
> > What doesn't work is the "please insert smartcard" dialog when the
> > key
> > is not plugged in. I manually added the correct keygrip to the
> > sshcontrol file but this does not work. On my MacOS the same config
>
On 07/04/2018 01:23 PM, Werner Koch wrote:
> Hi!
>
> Are you setting the homedir in your code also for the Assuan context?
> That might explain the behaviour.
I had been manually setting the Assuan context's homedir to ~/.gnupg by
accident (Was originally using a temporary directory, but that
Hi!
Are you setting the homedir in your code also for the Assuan context?
That might explain the behaviour.
Shalom-Salam,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgpGNpv0Jj7Xp.pgp
Description: PGP
On Wed, 27 Jun 2018 22:50, tookm...@gmail.com said:
> I have two gpgme contexts, one for openpgp and another for assuan
> commands to the smartcard. Pinentry triggered by the openpgp context
> works perfectly, but any pinentry launched in service of the assuan
> context fails wi
or openpgp and another for assuan
>> commands to the smartcard. Pinentry triggered by the openpgp context
>> works perfectly, but any pinentry launched in service of the assuan
>> context fails with the error in the subject. They're both using the same
>> gpg-agent l
On 06/27/2018 04:50 PM, Jacob Adams wrote:
> I've got another pinentry problem unfortunately.
> The tty is owned by the correct user this time and $GPG_TTY is set
> correctly.
>
> I have two gpgme contexts, one for openpgp and another for assuan
> commands to the smartcard.
I've got another pinentry problem unfortunately.
The tty is owned by the correct user this time and $GPG_TTY is set
correctly.
I have two gpgme contexts, one for openpgp and another for assuan
commands to the smartcard. Pinentry triggered by the openpgp context
works perfectly, but any pinentry
Hello,
I'm using pinentry (GTK2) on my Xubuntu. My authentication key is
saved on a Yubikey4. Pinentry does work when the key is inserted and
displays the PIN entry dialog just fine.
What doesn't work is the "please insert smartcard" dialog when the key
is not plugged in. I manu
1 - 100 of 802 matches
Mail list logo