[Announce] GnuPG 2.0.11 released
Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.11. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography. It includes an advanced key management facility and is compliant with the OpenPGP and S/MIME standards. GnuPG-2 has a different architecture than GnuPG-1 (e.g. 1.4.9) in that it splits up functionality into several modules. However, both versions may be installed alongside without any conflict. In fact, the gpg version from GnuPG-1 is able to make use of the gpg-agent as included in GnuPG-2 and allows for seamless passphrase caching. The advantage of GnuPG-1 is its smaller size and the lack of dependency on other modules at run and build time. We will keep maintaining GnuPG-1 versions because they are very useful for small systems and for server based applications requiring only OpenPGP support. GnuPG is distributed under the terms of the GNU General Public License (GPL version 3). GnuPG-2 works best on GNU/Linux or *BSD systems. What's New in 2.0.11 * Fixed a problem in SCDAEMON which caused unexpected card resets. * SCDAEMON is now aware of the Geldkarte. * The SCDAEMON option --allow-admin is now used by default. * GPGCONF now restarts SCdaemon if necessary. * The default cipher algorithm in GPGSM is now again 3DES. This is due to interoperability problems with Outlook 2003 which still can't cope with AES. Getting the Software Please follow the instructions found at http://www.gnupg.org/download/ or read on: GnuPG 2.0.11 may be downloaded from one of the GnuPG mirror sites or direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ . The list of mirrors can be found at http://www.gnupg.org/mirrors.html . Note, that GnuPG is not available at ftp.gnu.org. On the FTP server and its mirrors you should find the following files in the gnupg/ directory: gnupg-2.0.11.tar.bz2 (3763k) gnupg-2.0.11.tar.bz2.sig GnuPG source compressed using BZIP2 and OpenPGP signature. gnupg-2.0.10-2.0.11.diff.bz2 (29k) A patch file to upgrade a 2.0.10 GnuPG source tree. This patch does not include updates of the language files. Note, that we don't distribute gzip compressed tarballs for GnuPG-2. Checking the Integrity == In order to check that the version of GnuPG which you are going to install is an original and unmodified one, you can do it in one of the following ways: * If you already have a trusted version of GnuPG installed, you can simply check the supplied signature. For example to check the signature of the file gnupg-2.0.11.tar.bz2 you would use this command: gpg --verify gnupg-2.0.11.tar.bz2.sig This checks whether the signature file matches the source file. You should see a message indicating that the signature is good and made by that signing key. Make sure that you have the right key, either by checking the fingerprint of that key with other sources or by checking that the key has been signed by a trustworthy other key. Note, that you can retrieve the signing key using the command finger wk ,at' g10code.com or using a keyserver like gpg --recv-key 1CE0C630 The distribution key 1CE0C630 is signed by the well known key 5B0358A2. If you get an key expired message, you should retrieve a fresh copy as the expiration date might have been prolonged. NEVER USE A GNUPG VERSION YOU JUST DOWNLOADED TO CHECK THE INTEGRITY OF THE SOURCE - USE AN EXISTING GNUPG INSTALLATION! * If you are not able to use an old version of GnuPG, you have to verify the SHA-1 checksum. Assuming you downloaded the file gnupg-2.0.11.tar.bz2, you would run the sha1sum command like this: sha1sum gnupg-2.0.11.tar.bz2 and check that the output matches the first line from the following list: 9f71a342c5be686b0dcef082078af693802a558f gnupg-2.0.11.tar.bz2 5cf75b4405ba9ed908b85ef3b614ef06f3a6ab10 gnupg-2.0.10-2.0.11.diff.bz2 Internationalization GnuPG comes with support for 27 languages. Due to a lot of new and changed strings many translations are not entirely complete. Jedi, Maxim Britov, Jaime Suárez and Nilgün Belma Bugüner have been kind enough to go over their translations and thus the Chinese, German, Russian, Spanish, and Turkish translations are pretty much complete. Documentation = We are currently working on an installation guide to explain in more detail how to configure the new features. As of now the chapters on gpg-agent and gpgsm include brief information on how to set up the whole thing. Please watch the GnuPG website for updates of the documentation. In the meantime you may search the GnuPG mailing list archives or ask on the gnupg-users mailing lists
Re: man page typo
On Tue, 3 Feb 2009 20:21, jbr...@me.com said: I think the merge-only applies to --import-options, not -- keyserver-options. Fixed in SVN. Unfortunately I forgot to browse through my mail folders before releasing 2.0.11. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG asks for other card
On Thu, 15 Jan 2009 17:13, patrick_...@fsfe.org said: Everything seems to work, but when I want to sign or decrypt something GPG first asks for the 1st card (the FSFE one) and then after pressing c for about 3 times I can use the OpenPGP card. I don't know which version of gpg you are using. In any case there was a bug in the SCdaemon of 2.0.10 which might be the reason for that. Thus, please test with 2.0.11 and get back to us if you still have problems. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Copy subkeys to primary key
On Sat, 7 Feb 2009 10:40, i...@ushills.co.uk said: How can I combine them so I have one secret key with both the ELG and RSA subkeys under the primary key. That is possible but requires some manual work. You need to use gpgsplit to break the keys into its parts and combine them later. Then, you need to create a new key binding signature. It is probably easier to create new subkeys and revoke the old subkeys on the other key. IIRC, David posted a description to this ML some time ago; I don't have a reference handy, though. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card not accessible; ctapi-driver option in gpg.conf does the job for me (with cyberjack reader)
On Wed, 11 Feb 2009 13:05, x...@abwesend.de said: I hope I can forward an argument for not dropping (direct?) support for CT/API readers in GnuPG too soon, as Werner often states (and as the ctapi-driver option is also marked as deprecated in the gpg man page). Well, I have no immediate plans to drop the support but I can't test the ctAPI driver. Thus you are on your own if you want to use it. * gpg-agent.conf: disable-scdaemon --- !! * gpg.conf: ctapi-driver libctapi-cyberjack.so reader-port 32768 * gpg.conf: use-agent Maybe this can contribute to solve this kind of problem, which other users might have experienced, too - especially with their Reiner-SCT reader. By disabling the SCdaemon, you use the code included in gpg 1.4. That is the same code as used in scdaemon. The problem you encountered is likely due to problems in Scdaemon 2.0.10 (or earlier). 2.0.11 fixes them for me. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.0.11 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Werner Koch wrote: Hello! We are pleased to announce the availability of a new stable GnuPG-2 release: Version 2.0.11. Hi, GnuPG v2.0.11 has been configured as follows: Platform: GNU/Linux (x86_64-linux-gnu) OpenPGP: yes S/MIME:yes Agent: yes Smartcard: yes (without internal CCID driver) Protect tool: (default) Default agent: (default) Default pinentry: (default) Default scdaemon: (default) Default dirmngr: (default) ~$ gpg2 --version gpg (GnuPG) 2.0.11 libgcrypt 1.4.4 Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB $ gpg-agent gpg-agent: gpg-agent running and available Thank you Werner and the Team, Charly Ubuntu 8.10 64bits under VMware (MacOSX 10.5.6) - gpg 1.4.9 - gpg 2.0.11 - - Thunderbird 2.0.19 - Enigmail nightly 0.96a (20090301-0426) - 0xA57A8EFA -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (GNU/Linux) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJJrWYRAAoJEM3GMi2FW4Pv50wIALbumqsEvvutQXvAWnNg/iKp qj+n8pyGLevmC7uQXUjHb16hKdsqgH6byhBA0vAr3mAjqve07pSL5TtS58GLWSVp KmY+yf8es1CLM2SJyRySfPrqDsWgUuELxi4blYHacmVefLRYO2fnnd7jVYQi+Why jzYIMz4mUxe4gNTyU1Z5GUZc5Vc90L64945PBiRbB2xSkASfH85mNpgA8x3cDXjU YZenNc+czSf6wG1otgDeTwDjDNptBEnYgaFHcTom8sayhhLXOOoAFBWpojxqXI7w 7wKAEaunu1z9sSfLcdMjRtN3F5QCNO7A0clzm6VZilJ4ItYEk9LANx2ba0nh0s4= =ZdPp -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
auto key locate using keyid
Is there a way to have GnuPG automatically retrieve a key for encryption similar to the way the auto-key-locate feature works, but when specifying a keyid instead of an email address? For example, if someone has a key id, but not a key, I would like gpg to automatically pull the key from my configured key server. Background: This is for an automated batch job. Signed keys are updated into our key server. I would like to be able to skip the step where I need to manually load the new key into the batch processor's keyring every time I receive a new key. Recipients are specified using KeyIDs which are stored in a database table based on a customer ID. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
surrendering one's passphrase to authorities
http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/ Hi List, This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surrender of the passphrase. Apparently the issue has not yet been settled in the US. How are other countries' courts handling this? -Joe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
Hi, Reference: From: Joseph Oreste Bruni jbr...@me.com Date: Tue, 03 Mar 2009 14:31:13 -0700 Message-id: 63b6c107-1520-484f-9069-bbf387251...@me.com Joseph Oreste Bruni wrote: http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/ Hi List, This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surrender of the passphrase. Apparently the issue has not yet been settled in the US. How are other countries' courts handling this? There's about 190 countries in the world. There'll be many national mail lists webs eg http://ccc.de forums that discuss encryption politics. Hopefully this list will Not, stick to just the international technology ignore the politics national laws, to keep the traffic down, keep it internationaly relevant. Not that the politics might not be interesting for a while, but it could easily bloat the list trafffic. Cheers, Julian -- Julian Stacey: BSDUnixLinux C Prog Admin SysEng Consult Munich www.berklix.com Mail plain ASCII text. HTML Base64 text are spam. www.asciiribbon.org ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tue, Mar 03, 2009 at 02:31:13PM -0700, Joseph Oreste Bruni wrote: http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/ Hi List, This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surrender of the passphrase. Well, maybe. It's also possible that law enforcement does have the ability to get into the encrypted data (by some means - I doubt brute force), but does not want the knowledge of that ability to be made public. (Note, incidentally, that this seems to be the PGP Whole Disk product, rather than a PGP message, a la OpenPGP.) It's an odd case. Law enforcement *knows* what is on the laptop in this case. They saw it there before the computer was powered down (thus locking the drive). They are arguing over whether the protection against self-incrimination (part of the US Bill of Rights, for those who don't live here) even applies - after all, if law enforcement already knows what is there, revealing the contents does not incriminate. Anyway, I, of course, am not a lawyer. Instead, here is a discussion of this case from someone who is: http://volokh.com/posts/chain_1197670606.shtml David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Copy subkeys to primary key
On Tue, Mar 03, 2009 at 05:11:47PM +0100, Werner Koch wrote: On Sat, 7 Feb 2009 10:40, i...@ushills.co.uk said: How can I combine them so I have one secret key with both the ELG and RSA subkeys under the primary key. That is possible but requires some manual work. You need to use gpgsplit to break the keys into its parts and combine them later. Then, you need to create a new key binding signature. It is probably easier to create new subkeys and revoke the old subkeys on the other key. IIRC, David posted a description to this ML some time ago; I don't have a reference handy, though. Is this combining two different secret keys (with different subkeys) or combining two copies of the same secret key (with different subkeys)? If we're talking about the same secret key in both cases, you can do it without any signature trickery. 1) Export both secret keys into files gpg --export-secret-keys 86ECAC0B first.gpg gpg --export-secret-keys --secret-keyring secold.gpg 490CC343 second.gpg 2) Run gpgsplit on the second file. gpgsplit second.gpg 3) Delete the parts you don't want. You only want the subkeys, so delete everything until the first secret subkey packet (i.e. if the first secret subkey is 04, then delete 01, 02, and 03). 4) Merge the keys: cat first.gpg 0* newkey.gpg 5) Delete the current secret key gpg --delete-secret-key 86ECAC0B 6) Bring in the merged key: gpg --import newkey.gpg Obviously, make a backup first! David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
unfortunately, it's likely that certain countries handle this using torture. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
Joseph Oreste Bruni wrote: it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. That capability would literally be worth people's lives. It makes no sense to think that they would reveal that capability just to bag a run-of-the-mill child porn aficionado. It seems rash to draw that conclusion from the offered data. Apparently the issue has not yet been settled in the US. How are other countries' courts handling this? For the UK, I believe the Regulation of Investigatory Powers Act (RIPA) is still in effect. Quite a ghastly bill, really. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tue, 3 Mar 2009, David Shaw wrote: This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surrender of the passphrase. Well, maybe. It's also possible that law enforcement does have the ability to get into the encrypted data (by some means - I doubt brute force), but does not want the knowledge of that ability to be made public. === i would think the FBI (presuming that they're involved) would be able to brute-force a pass-phrase in less than a year. they have the disk, so in all likelihood the weakest link in the chain is the pass-phrase (and that's assuming that there's no cache/tmp files that are not encrypted). does anyone know details about PGPDisk's string-to-key algorithm(s)? kid porn makes this an interesting edge case, because people (judges and juries included) are more likely to ignore the established protections of the 5th amendment (which, IMHO, should apply even to alleged scum or it's meaningless). my suspicion is that authorities have already decrypted the contents of the disk (unless the guy was using a *really* strong pass-phrase) and the case is being pushed to make a precedent out of sometimes it's ok to ignore the 5th amendment. -- ...atom http://atom.smasher.org/ 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 - Religion is what keeps the poor from murdering the rich. -- Napoleon Bonaparte ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
Atom Smasher wrote: i would think the FBI (presuming that they're involved) would be able to brute-force a pass-phrase in less than a year. they have the disk, so in all likelihood the weakest link in the chain is the pass-phrase (and that's assuming that there's no cache/tmp files that are not encrypted). does anyone know details about PGPDisk's string-to-key algorithm(s)? Yes. It's the same as the S2K in OpenPGP, last I checked -- which is specifically designed to make brute forcers slow. Let's say the guy has a passphrase with 64 bits of entropy. Assume you have a massively distributed network and some truly cutting-edge math, you could probably do it in two solid years of work. The RC5 project on distributed.net took 18 months to do 64 bits, but RC5 wasn't designed to be very slow to rekey. Now consider just how many 64-bit keys the US government would like to crack. It probably numbers in the millions. Now consider how high this guy's passphrase stands in the to-do list. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tuesday 03 March 2009 23:26:21 Robert J. Hansen wrote: For the UK, I believe the Regulation of Investigatory Powers Act (RIPA) is still in effect. Quite a ghastly bill, really. Yes. Lot like being tortured ;) -- Richard ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tuesday 03 March 2009 23:26:21 Robert J. Hansen wrote: For the UK, I believe the Regulation of Investigatory Powers Act (RIPA) is still in effect. Quite a ghastly bill, really. Yes. Lot like being tortured ;) -- Richard ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tue, 3 Mar 2009, Robert J. Hansen wrote: Yes. It's the same as the S2K in OpenPGP, last I checked -- which is specifically designed to make brute forcers slow. Let's say the guy has a passphrase with 64 bits of entropy. Assume you have a massively distributed network and some truly cutting-edge math, you could probably do it in two solid years of work. The RC5 project on distributed.net took 18 months to do 64 bits, but RC5 wasn't designed to be very slow to rekey. Now consider just how many 64-bit keys the US government would like to crack. It probably numbers in the millions. Now consider how high this guy's passphrase stands in the to-do list. == most people don't use pass-phrases that strong. in any case, we're talking about something that can realistically be broken in a reasonable amount of time (compared to several times the age of the universe) using real-world technology, not like trying to crack a messages that was intercepted on the wire, and encrypted with 4096 RSA or a 256bit twofish. -- ...atom http://atom.smasher.org/ 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808 - Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so. -- Douglas Adams, Last Chance to See ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
Atom Smasher wrote: most people don't use pass-phrases that strong. Let me see if I have this clear: - He knew he was approaching a border - He knew he had child porn on his system - He knew his laptop might be searched at the border - And you think, knowing all this, he'd use a weak passphrase? in any case, we're talking about something that can realistically be broken in a reasonable amount of time If you're talking about a chump who hasn't bothered to think things through, sure. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Mar 3, 2009, at 6:04 PM, Atom Smasher wrote: On Tue, 3 Mar 2009, David Shaw wrote: This article caught my eye. One of the things that I gleaned from the article is that it's obvious that law enforcement (at this level) does not have the ability to brute-force crack PGP encrypted data. Instead, the courts are attempting to force the surrender of the passphrase. Well, maybe. It's also possible that law enforcement does have the ability to get into the encrypted data (by some means - I doubt brute force), but does not want the knowledge of that ability to be made public. === i would think the FBI (presuming that they're involved) would be able to brute-force a pass-phrase in less than a year. they have the disk, so in all likelihood the weakest link in the chain is the pass- phrase (and that's assuming that there's no cache/tmp files that are not encrypted). Good point. I was thinking about the session key, which is basically brute forcing proof. The passphrase would indeed be an easier attack. The lawyer discussion I posted (http://volokh.com/posts/chain_1197670606.shtml ) suggests that law enforcement did try to guess (his word) the passphrase. Guessing could be anything from trying two or three passphrases before giving up to running a list of common passphrases against it. For all we know, they're still running the passphrase guesser right now. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: surrendering one's passphrase to authorities
On Tue, Mar 03, 2009 at 07:31:03PM -0500, Robert J. Hansen wrote: Atom Smasher wrote: most people don't use pass-phrases that strong. Let me see if I have this clear: - He knew he was approaching a border - He knew he had child porn on his system - He knew his laptop might be searched at the border - And you think, knowing all this, he'd use a weak passphrase? This particular fellow was not necessarily the brightest bulb in the bunch. Remember that he also waived his Miranda rights (for the non US readers: see Wikipedia for the details, but this is the You have the right to remain silent, etc speech that you've probably seen on US television and movies), and willingly showed the decrypted disk, child porn and all to the border agents. It was only after his arrest and the accidental re-encryption of the disk did this passphrase issue arise. in any case, we're talking about something that can realistically be broken in a reasonable amount of time If you're talking about a chump who hasn't bothered to think things through, sure. There is, of course, a dramatic difference between how someone may act when they're setting up their encryption at home and have time to think things through, and how they may act when caught transporting child porn over a border. Even so, there are many things he could have done to try and hide his illegal material *before* approaching the border. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpgsm key creation problem
I'm new in gpgsm and I would like to test X.509 and S/MIME style encryption. Then I tried the classical --gen-key option to generate a new keypair, but this error appears. What's wrong? $ gpgsm --gen-key gpgsm (GnuPG) 2.0.7; Copyright (C) 2007 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA (2) Existing key (3) Existing key from card Your selection? 1 What keysize do you want? (2048) Requested keysize is 2048 bits Possible actions for a RSA key: (1) sign, encrypt (2) sign (3) encrypt Your selection? 1 Enter the X.509 subject name: CN=Test Enter email addresses (end with an empty line): t...@test.invalid Enter DNS names (optional; end with an empty line): Enter URIs (optional; end with an empty line): Parameters to be used for the certificate request: Key-Type: RSA Key-Length: 2048 Key-Usage: sign, encrypt Name-DN: CN=Test Name-Email: t...@test.invalid Really create request? (y/N) y Now creating certificate request. This may take a while ... gpgsm: line 1: key generation failed: Unknown IPC command GpgSM gpgsm: error creating certificate request: Unknown IPC command GpgSM ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: auto key locate using keyid
On Mar 3, 2009, at 12:27 PM, Joseph Oreste Bruni wrote: Is there a way to have GnuPG automatically retrieve a key for encryption similar to the way the auto-key-locate feature works, but when specifying a keyid instead of an email address? For example, if someone has a key id, but not a key, I would like gpg to automatically pull the key from my configured key server. This is not currently possible. It seems like it should be (the principle of least surprise dictates that it should work with anything that can be passed to '-r'). Let me think about this a bit. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users