updating gpg keys
At one point, quite possibly at the BLU keysigning, someone mentioned that it would be useful to have a script that would automatically update the keys on your keyring. The purpose of doing so is to obtain the latest signatures on keys that you have, and widen your ring of trust.

I just hacked up a little perl script to do this. You could add it to your crontab to make sure it's done automatically for you, every so often... I provide it here in the hope that it will be useful to someone. =8^)

You could also do the same thing with --send-key, if your keys are changing often enough through means other than downloading them via keyservers... Not sure how useful that would be though, so I didn't bother to include it in the script.

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D

#!/usr/bin/perl
use strict;
use warnings;

my $gpg = "/usr/bin/gpg";
my $keysv = "--keyserver pgp.mit.edu";

# Read the public key listing from gpg, one line at a time.
open(GETGPGKEYS, "$gpg --list-keys|") or die "cannot run $gpg: $!";
while (<GETGPGKEYS>){
    if (/^pub/){
        chomp;
        # Reduce the "pub" line to 0x<keyid>; fetch only if that succeeded.
        if (s!^.*[0-9]{3,4}[dDgGR]/([0-9A-F]*) .*!0x$1!){
            system("$gpg $keysv --recv-key $_");
        }
    }
}
close(GETGPGKEYS);
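The script above scrapes the human-readable key listing, whose layout has changed across gpg versions; gpg also offers a machine-readable listing via --with-colons. The following is an added example, not part of the original post: it extracts primary key IDs from that format and builds the --recv-keys commands as argument lists, so no shell parses the key data. The function names, the sample listing and keyserver.example.org are constructed for illustration.

```python
import subprocess

GPG = "/usr/bin/gpg"  # same path the post's script uses

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE = """\
tru::1:1034186400:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1034186400:::u:::scESC:
uid:u::::1034186400::::Alice Example <alice@example.org>:
sub:u:2048:16:1111111111111111:1034186400::::::e:
pub:r:1024:17:FEDCBA9876543210:1034186400:::-:::sc:
pub:-:1024:17:0A0A0A0A0B0B0B0B:1034186400:::-:::scESC:
"""

def key_ids(listing, skip_validity="r"):
    """Return the long key ID of every primary key ("pub" record).

    Field 1 is the record type, field 2 the validity, field 5 the key ID.
    Keys whose validity letter is in skip_validity (default: revoked) are
    left out; subkeys, user IDs and other records are ignored.
    """
    ids = []
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] != "pub":
            continue
        validity, key_id = fields[1], fields[4].upper()
        if validity and validity in skip_validity:
            continue
        # Accept only 16 hex digits so nothing unexpected reaches gpg's argv.
        if len(key_id) == 16 and all(c in "0123456789ABCDEF" for c in key_id):
            ids.append("0x" + key_id)
    return ids

def recv_commands(ids, keyserver):
    """Build one argv list per key; no shell is involved, so no quoting issues."""
    return [[GPG, "--keyserver", keyserver, "--recv-keys", kid] for kid in ids]

def refresh(keyserver):
    """List the local keyring and fetch each primary key from keyserver."""
    listing = subprocess.run([GPG, "--list-keys", "--with-colons"],
                             capture_output=True, text=True, check=True).stdout
    for argv in recv_commands(key_ids(listing), keyserver):
        subprocess.run(argv, check=False)  # keep going if one key fails

if __name__ == "__main__":
    print(recv_commands(key_ids(SAMPLE), "keyserver.example.org"))
```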
Re: updating gpg keys
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, mike ledoux hath spake thusly:
> No need for a script, just use 'gpg --refresh-keys'. Also, you might want
> to start using '--keyserver keyserver.kjsl.com' instead of pgp.mit.edu,
> as the kjsl keyserver supports multiple subkeys properly.

You must have a newer gpg than I have...

$ gpg --refresh-keys
gpg: Invalid option "--refresh-keys"

I've also read (albeit quite a while ago) the GPG users manual, and there was no mention of such an option...

Thanks for the tip on the keyserver though!

- --
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9pGzadjdlQoHP510RAtiWAKCbiZAFkw0E5DKjixfpxhyzbu+KkwCgjKKF
CTs6GIsUx1Ylo+qSGE+EJr8=
=vLYM
-----END PGP SIGNATURE-----

___
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: updating gpg keys
semi-ot: someone i know has twiddled mailman into working with pgp. dunno exactly what that means, but if you want to know more, ask ben laurie <[EMAIL PROTECTED]>.

--
#kenP-)}

Ken Coar, Sanagendamgagwedweinini http://Golux.Com/coar/
Author, developer, opinionist http://Apache-Server.Com/

"Millennium hand and shrimp!"
Re: updating gpg keys
In a message dated: Wed, 09 Oct 2002 13:52:27 EDT
"Derek D. Martin" said:

>At some point hitherto, mike ledoux hath spake thusly:
>> No need for a script, just use 'gpg --refresh-keys'. Also, you might want
>> to start using '--keyserver keyserver.kjsl.com' instead of pgp.mit.edu,
>> as the kjsl keyserver supports multiple subkeys properly.
>
>You must have a newer gpg than I have...

Worked great for me. I'm using:

$ gpg --version
gpg (GnuPG) 1.0.7

> Thanks for the tip on the keyserver though!

Yeah, thanks, it's good to have a server that works finally :)

--
Seeya,
Paul
--
It may look like I'm just sitting here doing nothing,
but I'm really actively waiting for all my problems to go away.

If you're not having fun, you're not doing it right!
[Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
Sorry, this might show up twice.

-----Forwarded Message-----
> From: Paul Iadonisi <[EMAIL PROTECTED]>
> To: Greater New Hampshire LUG <[EMAIL PROTECTED]>
> Subject: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)
> Date: 09 Oct 2002 14:35:09 -0400
>
> On Wed, 2002-10-09 at 13:52, Derek D. Martin wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > At some point hitherto, mike ledoux hath spake thusly:
> > > No need for a script, just use 'gpg --refresh-keys'. Also, you might want
> > > to start using '--keyserver keyserver.kjsl.com' instead of pgp.mit.edu,
> > > as the kjsl keyserver supports multiple subkeys properly.
> >
> > You must have a newer gpg than I have...
> >
> > $ gpg --refresh-keys
> > gpg: Invalid option "--refresh-keys"
> >
> > I've also read (albeit quite a while ago) the GPG users manual, and
> > there was no mention of such an option...
> >
> > Thanks for the tip on the keyserver though!
>
> Am I doing something wrong, here? I've imported Derek's key with:
>
> gpg --keyserver keyserver.kjsl.com --recv-key 0x81CFE75D
>
> But now when I click on the lock at the bottom of Derek's message in
> evolution, I get:
>
> This message is digitally signed but can not be proven to be authentic.
>
> gpg: WARNING: --honor-http-proxy is a deprecated option.
> gpg: please use "--keyserver-options honor-http-proxy" instead
> gpg: armor header: Version: GnuPG v1.0.6 (GNU/Linux)
> gpg: armor header: Comment: For info see http://www.gnupg.org
> gpg: Signature made Wed 09 Oct 2002 01:52:26 PM EDT using DSA key ID
> 81CFE75D
> gpg: BAD signature from "Derek D. Martin (for signing software)
> <[EMAIL PROTECTED]>"
>
> Is the warning message about the deprecated --honor-http-proxy option
> screwing up evolution? Or am I forgetting something? I seem to
> remember some discussion on this a while ago, but haven't searched the
> archives yet. Anyone have a quick answer?
>
> [SOT=Sorta-On-Topic]
>
> --
> -Paul Iadonisi
> Senior System Administrator
> Red Hat Certified Engineer / Local Linux Lobbyist
> Ever see a penguin fly? -- Try Linux.
> GPL all the way: Sell services, don't lease secrets

--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
At some point hitherto, Paul Iadonisi hath spake thusly:
> > gpg: BAD signature from "Derek D. Martin (for signing software)
> > <[EMAIL PROTECTED]>"
> >
> > Is the warning message about the deprecated --honor-http-proxy option

Maybe... Easiest way to find out is to get rid of it. But I don't think that's the problem. IIRC, Evolution only supports PGP-MIME, which I would be more than happy to use, except the rest of the world (besides Mutt) DOES NOT support it.

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
At some point hitherto, Paul Iadonisi hath spake thusly:
> > gpg: BAD signature from "Derek D. Martin (for signing software)
> > <[EMAIL PROTECTED]>"
> >
> > Is the warning message about the deprecated --honor-http-proxy
> > option

Maybe... Easiest way to find out is to get rid of it. But I don't think that's the problem. IIRC, Evolution only supports PGP-MIME, which I would be more than happy to use, except the rest of the world (besides Mutt) DOES NOT support it. That might be the problem. Or, it could just be a bug in Evolution.

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
At some point hitherto, mike ledoux hath spake thusly:
> I may have forgotten to mention in my earlier message that
> keyserver.kjsl.com deals with keys that have multiple subkeys properly,
> but you need to send your key to it directly in order for it to do so.
> If keyserver.kjsl.com gets your key from another keyserver, it can't
> do the right thing as the other keyserver has already mangled your key
> beyond repair. The fix for this is simple & quick:
>
> gpg --keyserver keyserver.kjsl.com --send-key

I just did this. You may want to try it again. =8^)

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
On Wed, 2002-10-09 at 15:10, Derek D. Martin wrote:

[snip]

> Maybe... Easiest way to find out is to get rid of it. But I don't
> think that's the problem. IIRC, Evolution only supports PGP-MIME,
> which I would be more than happy to use, except the rest of the world
> (besides Mutt) DOES NOT support it.

My guess is that this is what's going on. I re-imported your key from keyserver.kjsl.com and I still have the same problem. I then saved the message to a file and used 'gpg --verify' on the file and it comes back with a good signature. There are warnings about the key not being certified with a trusted signature, but I suspect that has something to do with the fact that I only have four keys in my keyring ;-). (I'm just beginning to play around with gpg a little more seriously, which is why I have such a small keyring.)

*shrug*

I guess I'll do a little googling around and see if I can come up with some kind of workaround.

--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
At some point hitherto, Derek D. Martin hath spake thusly:
> > gpg --keyserver keyserver.kjsl.com --send-key
>
> I just did this. You may want to try it again. =8^)

It didn't help me... when I update my own key, I still get an invalid subkey binding.

--
Derek D. Martin http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Re: [Fwd: SOT: Evolution and gpg signature verification (was: Re: updating gpg keys)]
On Wed, 2002-10-09 at 15:56, Paul Iadonisi wrote:

[snip]

> *shrug*
>
> I guess I'll do a little googling around and see if I can come up with
> some kind of workaround.

Well, I just found this very recent thread on this very problem:

http://lists.ximian.com/archives/public/evolution/2002-June/019095.html

It appears that at least some of the evo developers have no intention of implementing what almost every other (admittedly broken) mailer does: inline pgp decoding. It's not pretty, is against the rfcs, yada, yada, yada, but it means that evo can't inter-operate with most mailers out there with regards to encryption and signing.

This is a classic case of what I ranted about recently regarding Gnome 2.0: coders more concerned about their own coding practices and disregarding the end user.

I wish the world would follow standards. But sometimes, you just have to deal with what's out there.

There is some sign that some of the issues with evo and inline pgp/gpg may be addressed (in the thread referenced above), but I'm not holding my breath for complete inter-operability.

--
-Paul Iadonisi
Senior System Administrator
Red Hat Certified Engineer / Local Linux Lobbyist
Ever see a penguin fly? -- Try Linux.
GPL all the way: Sell services, don't lease secrets
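The two signature formats this thread distinguishes, inline clearsigned text and PGP/MIME (multipart/signed with protocol application/pgp-signature, RFC 3156), can be told apart from the message structure alone. The following is an added example, not part of any post in the thread; the function name, sample messages and addresses are constructed, and the "signatures" are placeholders.

```python
from email import message_from_string

# Constructed samples; the signature bodies are placeholders, not real ones.
INLINE = """\
From: sender@example.org
Subject: constructed inline-signed sample

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello
-----BEGIN PGP SIGNATURE-----

(placeholder)
-----END PGP SIGNATURE-----
"""
PGP_MIME = """\
From: sender@example.org
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pgp-signature

(placeholder)
--b1--
"""

def signature_style(raw):
    """Return "pgp-mime", "inline" or "none" for a raw RFC 822 message."""
    msg = message_from_string(raw)
    proto = msg.get_param("protocol", "")
    if (msg.get_content_type() == "multipart/signed"
            and str(proto).lower() == "application/pgp-signature"):
        return "pgp-mime"
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("ascii", "replace")
        lines = [ln.rstrip() for ln in text.splitlines()]
        # Clearsigned text: both armor lines must start a line of their own,
        # so armor that is merely quoted in a reply ("> -----BEGIN") is ignored.
        if ("-----BEGIN PGP SIGNED MESSAGE-----" in lines
                and "-----BEGIN PGP SIGNATURE-----" in lines):
            return "inline"
    return "none"
```

For a message reported as "inline", saving it to a file and running 'gpg --verify' on it, as described earlier in the thread, checks the signature independently of the mail client.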