Looking for a good port80 static-DNS keyserver

2009-04-29 Thread Brian Mearns
So I've been "advertising" keys.gnupg.net as the place to get my key
for a while now, but the round-robin DNS is kind of bugging me. I
understand the purpose of it, but it's kind of a crap shoot: not
infrequently, the address maps to a server that's down or buggy. I'd
rather have one dedicated address for an sks I can use and refer
others to, preferably one that's available on port 80. Any
suggestions?

Thanks,
-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Subkeys...

2009-04-29 Thread Hank Gupton
Even better than that, you can CHANGE the expiration date on the
subkey that has no expiration date to anything you like.  You can extend
the date out further or cut it short.  But, this will affect only your
key, and not the copies of your key that everyone else has.  It might
be better to revoke your old subkey and spread the revocation far and
wide.  And then, as you say, make a new subkey.

Hank Gupton ("node8080")
OpenPGP Key 0x0F4D885E

"All generalizations are dangerous, even this one."



Allen Schultz wrote:
> I made a key with default settings. Can I delete the encrypting
> subkey that has no expiration date and remake one with an
> expiration date?
>



How easy would it be to create (and prevent the creation of) a fake pinentry?

2009-04-29 Thread Olivier Mehani
Hi GnuPG users,

I'm a happy user of PGP and the GPG agent with its little friend the
GTK pinentry program to facilitate usage.  I've been starting to wonder,
though, how easy it would be to fake a GPG pinentry window.

Let me explain: having several background-ish applications making use of
the agent, it happens that the pinentry sometimes pops out when the
passphrase cache has expired. One of my first concerns is that there's
no way to identify which application actually needs to use my PGP key.
This one seems to be partially addressed in [0], as the application
could set the title of the pinentry program.

However, I can't see any reason why a malicious application couldn't
set the title to some valid application in order to be able to use my
key without my consent. This leads me to a generalization of the
problem: how easy would it be to create a pinentry-lookalike program,
pretending to be called by a valid application in order to steal a
user's passphrase?

And, then, how can that be prevented? (I mean beside the obvious “don't
get your computer hacked” solution)

Thanks in advance for your insight.

PS: please CC me on any answer as I'm not subscribed to the list.

[0] https://bugs.g10code.com/gnupg/issue966

-- 
Olivier Mehani 
PGP fingerprint: 3720 A1F7 1367 9FA3 C654  6DFB 6845 4071 E346 2FD1




Re: How easy would it be to create (and prevent the creation of) a fake pinentry?

2009-04-29 Thread Raimar Sandner
On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:

> Let me explain: having several background-ish applications making use of
> the agent, it happens that the pinentry sometimes pops out when the
> passphrase cache has expired. One of my first concerns is that there's
> no way to identify which application actually needs to use my PGP key.
> This one seems to be partially addressed in [0], as the application
> could set the title of the pinentry program.

The pinentry should only pop up when the application actually needs the key to
do something. If pinentry pops up without you doing something that requires
your secret key, you should be worried.

And the problem is not specific to pinentry: in order to steal passphrases on 
the console you could as well install a gpg wrapper script or binary.

> And, then, how can that be prevented? (I mean beside the obvious “don't
> get your computer hacked” solution)

I think if someone has this kind of control (executing arbitrary code on your 
machine), there is no way to prevent passphrase stealing. Am I wrong here?

Raimar



Re: Subkeys...

2009-04-29 Thread Felipe Alvarez
On Wed, 29 Apr 2009 14:09:52 Faramir wrote:
> I think he is
> implementing the tutorial about how to store the main keys at a safe
> place, and keep the subkeys for daily usage.

Which TUT is that?

Felipe




Re: How easy would it be to create (and prevent the creation of) a fake pinentry?

2009-04-29 Thread Peter Pentchev
On Wed, Apr 29, 2009 at 03:31:51PM +0200, Raimar Sandner wrote:
> On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:
> 
> > Let me explain: having several background-ish applications making use of
> > the agent, it happens that the pinentry sometimes pops out when the
> > passphrase cache has expired. One of my first concerns is that there's
> > no way to identify which application actually needs to use my PGP key.
> > This one seems to be partially addressed in [0], as the application
> > could set the title of the pinentry program.
> 
> The pinentry should only pop up when the application actually needs the key
> to do something. If pinentry pops up without you doing something that requires
> your secret key, you should be worried.

...like, for example, your OpenPGP-powered Jabber client suddenly
needing to reconnect after something happened to the network and
you simply didn't notice? :>

G'luck,
Peter

-- 
Peter Pentchev  r...@ringlet.net  r...@space.bg  r...@freebsd.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
Hey, out there - is it *you* reading me, or is it someone else?




Re: How easy would it be to create (and prevent the creation of) a fake pinentry?

2009-04-29 Thread Raimar Sandner
On Wednesday 29 April 2009 15:40:47 Peter Pentchev wrote:
> On Wed, Apr 29, 2009 at 03:31:51PM +0200, Raimar Sandner wrote:
> > On Wednesday 29 April 2009 12:09:02 Olivier Mehani wrote:
> > > Let me explain: having several background-ish applications making use
> > > of the agent, it happens that the pinentry sometimes pops out when the
> > > passphrase cache has expired. One of my first concerns is that there's
> > > no way to identify which application actually needs to use my PGP key.
> > > This one seems to be partially addressed in [0], as the application
> > > could set the title of the pinentry program.
> >
> > The pinentry should only pop up when the application actually needs the
> > key to do something. If pinentry pops up without you doing something that
> > requires your secret key, you should be worried.
>
> ...like, for example, your OpenPGP-powered Jabber client suddenly
> needing to reconnect after something happened to the network and
> you simply didn't notice? :>

Ok, granted there are situations when pinentry pops up without your action.
Now that you mention it, this happened quite often to me (upon receiving an
encrypted message though, not on reconnect of the client) before I used OTR
for instant messaging :D

Raimar


WinPT & Enigmail don't show the same keys

2009-04-29 Thread Joel C. Salomon
I was under the impression that GnuPG kept track of everything, but I
noticed that Windows Privacy Tray and Enigmail do not always show the
same keys.

Both are accessing the correct version of GPG (C:\Program
Files\GNU\GnuPG\gpg.exe), and at least WinPT knows where the GnuPG
keyrings are (C:\Users\chesky\AppData\Roaming\gnupg).

Can someone explain to me what’s going on with my system?

—Joel Salomon





Re: WinPT & Enigmail don't show the same keys

2009-04-29 Thread John W. Moore III
Joel C. Salomon wrote:
> I was under the impression that GnuPG kept track of everything, but I
> noticed that Windows Privacy Tray and Enigmail do not always show the
> same keys.
> 
> Both are accessing the correct version of GPG (C:\Program
> Files\GNU\GnuPG\gpg.exe), and at least WinPT knows where the GnuPG
> keyrings are (C:\Users\chesky\AppData\Roaming\gnupg).
> 
> Can someone explain to me what’s going on with my system?

While this Question more properly belongs on the Enigmail List
[https://www.mozdev.org/mailman/listinfo/enigmail]
I shall ask at this time if You clicked on 'Refresh Keys' in the
Enigmail Key Management window?

JOHN ;)
Timestamp: Wednesday 29 Apr 2009, 11:13  --400 (Eastern Daylight Time)


Help! Please with decryption failed: No secret key (gpg in batch mode)

2009-04-29 Thread Schrago, Gerard

 Hi all,

Sorry to insist but I really need someone that can answer my question.
Why can a running process not decrypt a file while the very same shell script
invoked within an ssh session does it?
Please!

With my best regards.
Gerard.

-Original Message-
From: Schrago, Gerard
Sent: Tuesday, 28 April 2009 17:19
To: 'gnupg-users@gnupg.org'
Subject: Help with GPG in batch mode

Hi all,

Help needed in the following issue; I hope not to bother anyone but I need
advice from an expert.
If the verbose provided by the --debug-level guru would be of some help I can
send it in a further mail.

I have to use GnuPG in batch mode to enable a running process to decrypt an
encrypted file.
If I run the shell script through ssh (with the specific user that was
previously used to set the keys and has its proper .gnupg directory) this works
fine despite the following warning:

WARNING: message was not integrity protected.

But if I have the running process invoking the very same script, the response
is:

gpg: encrypted with RSA key, ID 911633C3
gpg: decryption failed: No secret key

I have then tried to modify the script to define home directory using --homedir
and I got the following:

gpg: WARNING: unsafe permissions on homedir `/home/superagt/'"
gpg: keyring `/home/superagt//secring.gpg' created
gpg: keyring `/home/superagt//pubring.gpg' created
gpg: encrypted with RSA key, ID 911633C3
gpg: decryption failed: No secret key

It is to note that I see neither in /home/superagt/ nor in
/home/superagt/.gnupg/ the secring.gpg pubring.gpg announced.
Thanks in advance for your help and support.

With my best regards.

Gérard Schrago




Re: Help! Please with decryption failed: No secret key (gpg in batch mode)

2009-04-29 Thread Joseph Oreste Bruni
Your automated process is not running with the same home directory as  
your login shell.


-Joe



On Apr 29, 2009, at 8:24 AM, Schrago, Gerard wrote:



> Hi all,
>
> Sorry to insist but I really need someone that can answer my question.
> Why can a running process not decrypt a file while the very same
> shell script invoked within an ssh session does it?
>
> Please!
>
> With my best regards.
> Gerard.
>
> -Original Message-
> From: Schrago, Gerard
> Sent: Tuesday, 28 April 2009 17:19
> To: 'gnupg-users@gnupg.org'
> Subject: Help with GPG in batch mode
>
> Hi all,
>
> Help needed in the following issue; I hope not to bother anyone but
> I need advice from an expert.
> If the verbose provided by the --debug-level guru would be of some
> help I can send it in a further mail.
>
> I have to use GnuPG in batch mode to enable a running process to
> decrypt an encrypted file.
> If I run the shell script through ssh (with the specific user that
> was previously used to set the keys and has its proper .gnupg
> directory) this works fine despite the following warning:
>
> WARNING: message was not integrity protected.
>
> But if I have the running process invoking the very same script, the
> response is:
>
> gpg: encrypted with RSA key, ID 911633C3
> gpg: decryption failed: No secret key
>
> I have then tried to modify the script to define home directory
> using --homedir and I got the following:
>
> gpg: WARNING: unsafe permissions on homedir `/home/superagt/'"
> gpg: keyring `/home/superagt//secring.gpg' created
> gpg: keyring `/home/superagt//pubring.gpg' created
> gpg: encrypted with RSA key, ID 911633C3
> gpg: decryption failed: No secret key
>
> It is to note that I see neither in /home/superagt/ nor in
> /home/superagt/.gnupg/ the secring.gpg pubring.gpg announced.
>
> Thanks in advance for your help and support.
>
> With my best regards.
>
> Gérard Schrago




Re: Help! Please with decryption failed: No secret key (gpg in batch mode)

2009-04-29 Thread Raimar Sandner

> I have to use GnuPG in batch mode to enable a running process to decrypt
> an encrypted file. If I run the shell script through ssh (with the specific
> user that was previously used to set the keys and has its proper .gnupg
> directory) this works fine despite the following warning: WARNING: message
> was not integrity protected.
> But if I have the running process invoking the very same script, the
> response is: gpg: encrypted with RSA key, ID 911633C3
> gpg: decryption failed: No secret key
> I have then tried to modify the script to define home directory using
> --homedir and I got the following: gpg: WARNING: unsafe permissions on
> homedir `/home/superagt/'"

If the secring.gpg containing your secret key lies in /home/superagt/.gnupg 
then you should use --homedir /home/superagt/.gnupg, but I suspect this is not 
the correct path to your secret key, right?

> gpg: keyring `/home/superagt//secring.gpg' created
> gpg: keyring `/home/superagt//pubring.gpg' created
> gpg: encrypted with RSA key, ID 911633C3
> gpg: decryption failed: No secret key
> It is to note that I see neither in /home/superagt/ nor in
> /home/superagt/.gnupg/ the secring.gpg pubring.gpg announced. Thanks in
> advance for your help and support.

Where lies the secret key you are trying to use? Is the script executed by the 
same user who has access to the secret key?

Raimar




Re: Looking for a good port80 static-DNS keyserver

2009-04-29 Thread Brian Mearns
On Wed, Apr 29, 2009 at 11:21 AM, John Clizbe wrote:
> Brian Mearns wrote:
>> So I've been "advertising" keys.gnupg.net as the place to get my key
>> for a while now, but the round-robin DNS is kind of bugging me. I
>> understand the purpose of it, but it's kind of a crap shoot: not
>> infrequently, the address maps to a server that's down or buggy. I'd
>> rather have one dedicated address for an sks I can use and refer
>> others to, preferably one that's available on port 80. Any
>> suggestions?
>
> Curious which ones are showing up as "buggy"? There's a flaw in one
> specific search case with SKS 1.0.10. 1.1.x is safe as is 1.0.9
>
> See http://www.pramberger.at/peter/services/keyserver/network/
>
> EKP is an email protocol
>
> also http://sks-keyservers.net/status/ from where
> hkp://pool.sks-keyservers.net is constructed
>
> I use (operate) the one in the sig block below
> --
> John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
> You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
>     mailto:pgp-public-k...@gingerbear.net?subject=help
>
> Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
> A:"An odd melody / island voices on the winds / surplus of vowels"
>

Thanks, John. I was unaware of the status page, I think that will be
helpful. I'm not sure offhand which servers have been "buggy", but I
believe I've connected to http://keys.gnupg.net/ in the past and been
presented with a blank page, for instance.

Is it considered impolite to advertise one specific keyserver (like
gingerbear, for instance) in my sig?

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net



Re: WinPT & Enigmail don't show the same keys

2009-04-29 Thread Joel C. Salomon
John W. Moore III wrote:
> Joel C. Salomon wrote:
> > I was under the impression that GnuPG kept track of everything, but I
> > noticed that Windows Privacy Tray and Enigmail do not always show the
> > same keys.
> >
> > Both are accessing the correct version of GPG (C:\Program
> > Files\GNU\GnuPG\gpg.exe), and at least WinPT knows where the GnuPG
> > keyrings are (C:\Users\chesky\AppData\Roaming\gnupg).
> >
> > Can someone explain to me what's going on with my system?
>
> While this Question more properly belongs on the Enigmail List
> [https://www.mozdev.org/mailman/listinfo/enigmail]
> I shall ask at this time if You clicked on 'Refresh Keys' in the
> Enigmail Key Management window?

Actually, I was noticing that WinPT was not showing keys that Enigmail
-- and GnuPG -- knew about.  If I tried importing the key through the
WinPT interface I was told that "nothing has changed".

Turns out these were keys I'd just seen in my current online session,
and which Enigmail had added to my keyring, but WinPT wasn't updating
its keylist.

—Joel Salomon





Re: WinPT & Enigmail don't show the same keys

2009-04-29 Thread John Clizbe
Joel C. Salomon wrote:
> John W. Moore III wrote:
>> Joel C. Salomon wrote:
>> > I was under the impression that GnuPG kept track of everything, but I
>> > noticed that Windows Privacy Tray and Enigmail do not always show the
>> > same keys.

>> > Can someone explain to me what's going on with my system?
>>
>> I shall ask at this time if You clicked on 'Refresh Keys' in the
>> Enigmail Key Management window?
> 
> Actually, I was noticing that WinPT was not showing keys that Enigmail
> -- and GnuPG -- knew about.  If I tried importing the key through the
> WinPT interface I was told that "nothing has changed".
> 
> Turns out these were keys I'd just seen in my current online session,
> and which Enigmail had added to my keyring, but WinPT wasn't updating
> its keylist.

Neither of those operates directly on the actual keyring but on an extract
of info from the keyring, which is why both have "refresh" menu options.

GPGshell is the same way in this regard.
-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"





Re: Looking for a good port80 static-DNS keyserver

2009-04-29 Thread David Shaw

On Apr 29, 2009, at 9:03 AM, Brian Mearns wrote:


> So I've been "advertising" keys.gnupg.net as the place to get my key
> for a while now, but the round-robin DNS is kind of bugging me. I
> understand the purpose of it, but it's kind of a crap shoot: not
> infrequently, the address maps to a server that's down or buggy. I'd
> rather have one dedicated address for an sks I can use and refer
> others to, preferably one that's available on port 80. Any
> suggestions?


Why not just throw the key onto a web server and point people at it  
that way?  Part of the usefulness of a keyserver is to find keys that  
you don't know how to get otherwise.  In your case, you are telling  
people where to get it so that doesn't apply.


David




Re: Looking for a good port80 static-DNS keyserver

2009-04-29 Thread John Clizbe
Brian Mearns wrote:
>
> Thanks, John. I was unaware of the status page, I think that will be
> helpful. I'm not sure offhand which servers have been "buggy", but I
> believe I've connected to http://keys.gnupg.net/ in the past and been
> presented with a blank page, for instance.

Not all servers provide a web page, even if they listen on that port

Keyserver ops ({hkp,http}:///pks/...) should work fine

> Is it considered impolite to advertise one specific keyserver (like
> gingerbear, for instance) in my sig?

No, but replying to a direct message sent only to you via the mailing
list would be. ;-)

BTW, keyserver.gingerbear.net is a "mostly static" IP address. I never
know when Time-Warner will flip me into another net block. But it's
usually detected and DNS updated fairly soon after.

pool.sks-keyservers.net is what "I" prefer users advertise.

Once a key (or a key mod) is on one SKS server, it's spread to the rest
within a few minutes

You may also set preferred keyserver URL on your key. Details in the man
page.

-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"






FW: Help! Please with decryption failed: No secret key (gpg in batch mode)

2009-04-29 Thread Schrago, Gerard

 Hi All,

Thanks to Raimar Sandner and Joseph Oreste Bruni who helped me to reconsider
the whole chain in my running process, the problem is solved.

The problem was that the process invoking the shell script was running on a
different machine and it has been solved by setting the --home-dir to
effectively point to the server directory.

Thanks and best regards.
Gérard.
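
The failure resolved in this thread (a batch process running gpg as a different user, with a different home directory, or on a different machine than the one holding the keyring) can be caught before gpg is invoked. The shell functions below are an added example, not code from any poster; the function names and the usage path are hypothetical, and the checks assume the GnuPG 1.4/2.0 secring.gpg layout seen above plus the private-keys-v1.d directory used by GnuPG 2.1 and later.

```shell
#!/bin/sh
# Added example, not code from the thread. Preflight checks before a
# non-interactive gpg run (cron job, daemon, remotely invoked script).
# Function names and the path in the usage line are hypothetical.

# has_secret_keys DIR: true if DIR holds secret key material.
# GnuPG 1.4/2.0 keep it in secring.gpg; 2.1+ in private-keys-v1.d/*.key.
has_secret_keys() {
    # -s, not -e: gpg creates an empty secring.gpg in a fresh homedir,
    # which is what the "keyring ... created" lines in the output mean.
    [ -s "$1/secring.gpg" ] && return 0
    for f in "$1"/private-keys-v1.d/*.key; do
        [ -s "$f" ] && return 0
    done
    return 1
}

# check_gnupg_home DIR: print one line per problem; return 0 only if
# DIR looks usable as --homedir for the current user on this machine.
check_gnupg_home() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory on $(uname -n)"
        return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "owner: $dir is not owned by $(id -un)"
        problems=$((problems + 1))
    fi
    # Characters 5-10 of the ls mode string are the group/other bits;
    # any of them set is what gpg reports as "unsafe permissions".
    perms=$(ls -ld -- "$dir" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "unsafe: $dir is accessible to group/other ($perms)"
        problems=$((problems + 1))
    fi
    if ! has_secret_keys "$dir"; then
        echo "nokeys: no secret key material in $dir"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# decrypt_batch HOMEDIR INFILE OUTFILE: decrypt only after the preflight
# passes; otherwise log the execution context and return 2.
decrypt_batch() {
    if ! check_gnupg_home "$1" >&2; then
        echo "context: user=$(id -un) HOME=${HOME:-unset}" \
             "GNUPGHOME=${GNUPGHOME:-unset}" >&2
        return 2
    fi
    gpg --batch --homedir "$1" --output "$3" --decrypt "$2"
}

# Usage (hypothetical path):
#   decrypt_batch /home/superagt/.gnupg in.gpg out.txt
```

Pointing --homedir at the account's home directory instead of its .gnupg directory trips the "unsafe" and "nokeys" checks at once, matching the gpg output quoted in the thread.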



Re: Subkeys...

2009-04-29 Thread Faramir
Felipe Alvarez wrote:
> On Wed, 29 Apr 2009 14:09:52 Faramir wrote:
>> I think he is
>> implementing the tutorial about how to store the main keys at a safe
>> place, and keep the subkeys for daily usage.
> 
> Which TUT is that?

 This one http://tjl73.altervista.org/secure_keygen/en/index.html

  By the way, I saw your message is signed, but I couldn't locate a copy
of your public key...


  Best Regards


Re: Looking for a good port80 static-DNS keyserver

2009-04-29 Thread John W. Moore III
Brian Mearns wrote:

> Is it considered impolite to advertise one specific keyserver (like
> gingerbear, for instance) in my sig?

Not at all!  In fact, many use a Comment line to direct folks to Big
Lumber or their Own Web page to locate their Key.

JOHN 8-)
Timestamp: Wednesday 29 Apr 2009, 15:40  --400 (Eastern Daylight Time)


Re: [Enigmail] Setting trust levels for unknown keys

2009-04-29 Thread Faramir
Allen Schultz wrote:
> On Wed, Apr 29, 2009 at 10:22 AM, John Clizbe wrote:
>> If I don't know the purported key owner I select "I don't know."
...
> Or better yet, Faramir.cl told me to get CAcert.org's gpg key and sign
> it as it is a Certificate Authority. Then you may download a few or
> all of the GSIntroducers who have verified and signed other keys. Once
> I have done this, over half of my correspondents became Trusted.

  Yes, and also the GSWoT root key, since that one validates all the
GSIntroducers. But what is a good idea for some people can look like a
bad idea to other people, so it's your personal choice to do it or not
to do it... I like these things, because it's unlikely I'll ever
attend a keysigning party in the USA or Europe, but with CAcert and
GSWoT, I can be a lot more sure about people's identities than by just
exchanging some e-mail messages.

  Best Regards


compatible? GnuPG & PGP 6.5.8

2009-04-29 Thread Rasta Surfer
Is it possible to export a key from GNUPG 1.4.[7,9] and import it into PGP
6.5.8?  The purpose is for GNUPG to encrypt a file and PGP to decrypt.  I
keep coming up to an error of "encrypted session key is bad" on PGP trying to
decrypt.

Older keys that were imported into PGP have cipher set as CAST, the new keys
show IDEA.  I have tried to gen-key a 3des one to no avail

  i know pgp 6.5.8 is older than the hills, i still imagine there is a work
around for some type of incompatibility.

Thank You.
RS


Re: compatible? GnuPG & PGP 6.5.8

2009-04-29 Thread Robert J. Hansen
Rasta Surfer wrote:
> Is it possible to export a key from GNUPG 1.4.[7,9] and import it into
> PGP 6.5.8?

Yes, but it's generally easier to go the other way around.  You'll find
that route to be much easier.

> i know pgp 6.5.8 is older than the hills, i still imagine there is a
> work around for some type of incompatibility.

Most people in the OpenPGP community will strongly advise you against
using PGP 6.5.8, for very good reasons.  I'm one of them.  :)




Re: Subkeys...

2009-04-29 Thread Felipe Alvarez
On Thu, 30 Apr 2009 02:45:45 Faramir wrote:
>   By the way, I saw your message is signed, but I couldn't locate a copy
> of your public key...
Sorry about that. My comment below should contain the URL for the key. I'm
still new to this, and wary about uploading my public key on keyservers.
Last time I did that (the first time ever) I didn't create a revocation cert,
and I lost/forgot my password. They will expire I think in one year (at
public key server) but I'm afraid I might do something wrong and muck
the whole thing up. That's why I just host my pub key at my site.

AND this discussion of reliable and fast key servers has got me nervous
again.

http://www.felipe1982.com/gpg/felipe_alvarez_public_key

