Re: decrypting to stdout does not work properly

2024-10-06 Thread jman via Gnupg-users

Fourhundred Thecat via Gnupg-users  writes:


> Also, is there a command for unlocking the agent without actually
> decrypting anything ?


Hi,

Funny that I asked exactly the same question a few years ago. I wanted to check if my keyring was
unlocked before doing any actual operation.
Apparently the solution is to send an SCD command and then try to do what you really want to do
(i.e. decrypting a key).


You might find this thread useful:
https://lists.gnupg.org/pipermail/gnupg-users/2020-December/064520.html

SCDaemon documentation (with all the commands) at:
https://www.gnupg.org/documentation/manuals/gnupg/Scdaemon-Protocol.html

In the end I have scripted the unlocking of a smartcard but the resulting script is a bit convoluted 
because the output of gpg-connect-agent is not super useful.


HTH

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: ftp down

2024-08-20 Thread jman via Gnupg-users



Werner Koch via Gnupg-users  writes:


> I agree with your arguments.  However, not providing FTP saves us from a
> lot of bike shedding discussions ;-)


All technical considerations aside, would it make sense to make it official with a short
announcement, even "a posteriori"?


My reasoning being: if there is one user that took their time to come here and report this, then 
maybe there are others. GnuPG is certainly a very visible project, probably good communication is 
beneficial for both end users and the project itself.


All the best,



Re: gpg cards

2021-01-28 Thread jman


Hi!

Philipp Schmidt  writes:


> I have tried to find something in the docs about this, but without
> success. For quite a while now, I am using a yubikey as gpg card and
> that is working really good. Since it is risky to have only one Key, I
> just purchased another one to create a clone of the first. So I went
> ahead and copied the very same keys from the backup to the second. But
> trying to actually use does not work, I get an error like: 'please
> insert card: […]' So.


This is a known issue, have a look here [0]


> What can I do to make gpg use the card as well (if possible) ?


You can follow the guide in that repository and move your private key to
the Yubikey (be careful, once there the key *cannot* be moved anywhere
else) and configure gpg to retrieve the key there (I think by adding
`use-agent` in the gpg.conf file). Feel free to have a look here [1]


> Another thing I would really love to know is: Is it possible to use
> the gpg card as smartcard for the system login as well? Right now I am
> using the PIV functionality of the yubikey, but would really prefer to
> use one system.


AFAIK it is possible using the Yubikey PAM module [2] but never tested
and I don't know if it works for all use cases.


> Last but not least I am still on a quest for a setup to use Full Disk
> Encryption and Security Token to actually decrypt the Disk on boot.


Off the top of my head I can think of a setup using LUKS volumes but don't have
specific advice on the matter.

cheers,


[0] https://github.com/drduh/YubiKey-Guide/issues/19#issuecomment-458663857
[1] https://git.sr.ht/~jman/dotfiles/tree/master/item/gnupg/.gnupg
[2] https://developers.yubico.com/yubico-pam/


Re: RSS/Atom for the GnuPG blog?

2021-01-21 Thread jman



Vladimir Nikishkin via Gnupg-users  writes:


> There is a nice blog that GnuPG people write:
> https://www.gnupg.org/blog/index.html
>
> But there seems to be no way to subscribe to it via standard Atom/RSS
> feed.
> Is this intentional? Or maybe I just haven't found the links?


There's no direct RSS/Atom feed (afaics). However the blog is a git
repository [0] with an RSS/Atom feed (there's a link at the bottom of the
page). As a workaround you can subscribe to that feed (I didn't test it).

regards,


[0] https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg-doc.git;a=tree;f=misc/blog.gnupg.org




Re: Plan B - Who carries the torch?

2021-01-06 Thread jman



Ryan McGinnis via Gnupg-users writes:


> Why does GPG continue to be developed with email uses in mind even
> though it's now widely accepted that GPG is a terrible way to securely
> communicate with another person and that a number of much more secure,
> much more robust, much less complicated (from the end user perspective)
> solutions exist?


Genuine question, what are other proposals for communicating in a way
that is as secure and decentralized but simpler to handle for an end
user (especially not technically inclined)?

(apologies for kind-of-stealing the thread topic)

thanks.

Regards,



Unlock smartcard PIN without decrypting a file

2020-12-30 Thread jman




> To do the verification without any operation you can use "gpg
> --card-edit" and then enter "verify".
>
> If you want to see the commands sent to the scd run
>   gpg --debug ipc --card-edit


Thank you so much for the detailed answer! Based on your suggestion I
could debug that the "verify" command sends:

gpg/card> verify
gpg: DBG: chan_4 -> SCD CHECKPIN AAABBBCCCDDD
gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 401855 tty 1.1.0 /dev/pts/0 xterm-kitty -

gpg: DBG: chan_4 -> END

therefore the one-liner I was looking for could look like this:

gpg-connect-agent 'SCD CHECKPIN AAABBBCCCDDD' /bye

("AAABBBCCCDDD" being the serial number of the smartcard)

regards,

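
An added example, not part of the original posts and not the poster's own script: one way to wrap the `SCD CHECKPIN` one-liner above (and the scripted unlocking mentioned in the 2024-10-06 message) so that a caller gets a usable exit status from the final OK/ERR line of the agent's reply. The function names are hypothetical; `SCD SERIALNO` is the scdaemon command used here to look up the card serial instead of hard-coding it.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG.

# Read an Assuan reply (gpg-connect-agent output) on stdin.
# Exit 0 if it ends in OK, 1 if it ends in ERR (the error text is printed),
# 2 if neither line was seen (agent not reachable, truncated output).
assuan_result() {
    awk '
        /^OK( |$)/ { seen = 1; err = "" }
        /^ERR /    { seen = 1; err = substr($0, 5) }
        END {
            if (!seen) exit 2
            if (err != "") { print err; exit 1 }
            exit 0
        }'
}

# Extract the card serial from the "S SERIALNO <hex>" status line and
# refuse anything that is not plain hex before it is put into a command.
card_serial() {
    serial=$(awk '$1 == "S" && $2 == "SERIALNO" { print $3; exit }')
    case $serial in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    printf '%s\n' "$serial"
}

# Ask scdaemon for the inserted card, then trigger the PIN prompt.
# The exit status comes from assuan_result, not from gpg-connect-agent.
unlock_card() {
    serial=$(gpg-connect-agent 'SCD SERIALNO' /bye | card_serial) || {
        echo "no usable card serial" >&2
        return 3
    }
    gpg-connect-agent "SCD CHECKPIN $serial" /bye | assuan_result
}

# Only talk to the agent when asked to: sh unlock-card.sh --run
if [ "${1:-}" = "--run" ]; then
    unlock_card
fi
```

A caller can then gate the real operation on it, for example `unlock_card && gpg --decrypt file.gpg`.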