Re: how to suppress warning about gpg-agent?

2010-03-09 Thread Werner Koch
On Mon,  8 Mar 2010 13:22, power...@powerman.name said:

 I don't think so. Every project encrypts its backups with different
 passwords (needed for security), and right now I can keep just several
 dozens of passwords, but with public keys I'll need to keep several dozens
 of .gnupg directories instead, which is harder to manage.

You would use the same keyring for all users.  The option --homedir
might be useful for this.

 I wonder what is the physical sense of this number? Is it safe to hardcode one
 number for all user accounts on the same server (many servers)?

It is a kind of iteration count for the passphrase; i.e. how often to
hash the passphrase.  This is to mitigate dictionary attacks.   A fixed
value is fine.

 P.S. But I still think a much more clear solution is just to add an option to
 suppress the warning message and let gpg start its own copy of gpg-agent when it

We could use --quiet to suppress this warning.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
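
An added illustration, not part of the original thread and not GnuPG's own code: the iterated and salted S2K of RFC 4880 section 3.7.1.3, showing what the number given to --s2k-count controls (the count of octets fed to the hash, stored as a one-octet code). The function names and the sample passphrase, salt and count are constructed for this example.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count stored in the S2K specifier."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def encode_count(n: int) -> int:
    """Smallest coded octet whose decoded count is >= n (capped at 255)."""
    return next((c for c in range(256) if decode_count(c) >= n), 255)

def s2k_iterated_salted(passphrase: bytes, salt: bytes, count: int,
                        key_len: int, hash_name: str = "sha1") -> bytes:
    """Derive key_len bytes; count is the number of octets fed to the hash."""
    data = salt + passphrase
    total = max(count, len(data))   # salt+passphrase is always hashed once in full
    reps, tail = divmod(total, len(data))
    key, preload = b"", 0
    while len(key) < key_len:
        # Each extra hash context is preloaded with one more zero octet.
        h = hashlib.new(hash_name, b"\x00" * preload)
        for _ in range(reps):
            h.update(data)
        h.update(data[:tail])
        key += h.digest()
        preload += 1
    return key[:key_len]

if __name__ == "__main__":
    salt = bytes.fromhex("0102030405060708")   # constructed sample salt
    coded = encode_count(65536)                # constructed sample count
    key = s2k_iterated_salted(b"sample passphrase", salt,
                              decode_count(coded), 32)
    print(f"coded={coded} octets={decode_count(coded)} key={key.hex()}")
```

The coded count travels in the encrypted file's S2K specifier, so a value fixed on one machine does not affect decryption on another; a larger count only raises the cost of each passphrase guess.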


Re: how to suppress warning about gpg-agent?

2010-03-08 Thread Alex Efros
Hi!

On Mon, Mar 08, 2010 at 01:06:06PM +0100, Werner Koch wrote:
 FWIW, You should use public key encryption instead of symmetric only
 encryption.  This makes everything much easier.

I don't think so. Every project encrypts its backups with different
passwords (needed for security), and right now I can keep just several
dozens of passwords, but with public keys I'll need to keep several dozens
of .gnupg directories instead, which is harder to manage.

 A little warning: gpg-agent is a cornerstone of GnuPG-2.  You can't
 do much without it.  Today gpg2 might be usable without a running
 gpg-agent but with the current branch this will change: All secret key
 operations are then diverted to the agent.

I know. Right now it runs gpg-agent in server mode and talks to it via STDIN -
that's ok for my needs. I don't try to avoid running gpg-agent, I just
wanna suppress the warning.

 In your case the agent is required to return the S2K count.  This value
 is computed only once because it takes some time and can't be done for
 each invocation.  To avoid this you may try option --s2k-count N.  You
 can get a suitable value for N on your machine by running the command
 
   gpg-connect-agent 'getinfo s2k_count' /bye

Wow, it works! With this parameter gpg doesn't output that warning
anymore (and doesn't try to start gpg-agent).

I wonder what is the physical sense of this number? Is it safe to hardcode one
number for all user accounts on the same server (many servers)?

P.S. But I still think a much more clear solution is just to add an option to
suppress the warning message and let gpg start its own copy of gpg-agent when it
needs it.

-- 
WBR, Alex.



Re: how to suppress warning about gpg-agent?

2010-03-08 Thread Werner Koch
On Mon,  8 Mar 2010 01:43, power...@powerman.name said:

 I've a lot of projects (each has a separate user account) which use gpg for
 encrypting daily backups (from cron) in this way:

   gpg --batch --cipher-algo AES256 -c --passphrase-file PASSFILE BACKUP.tar

FWIW, You should use public key encryption instead of symmetric only
encryption.  This makes everything much easier.

 I don't like to run gpg-agent as a daemon on all these user accounts just
 to suppress this warning message (and there may be additional issues to
 make it accessible from cron scripts, too).

A little warning: gpg-agent is a cornerstone of GnuPG-2.  You can't
do much without it.  Today gpg2 might be usable without a running
gpg-agent but with the current branch this will change: All secret key
operations are then diverted to the agent.

In your case the agent is required to return the S2K count.  This value
is computed only once because it takes some time and can't be done for
each invocation.  To avoid this you may try option --s2k-count N.  You
can get a suitable value for N on your machine by running the command

  gpg-connect-agent 'getinfo s2k_count' /bye


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

