Re: gpg2 says No Secret Key, gpg1.x says there is
gpg2 requires gpg-agent to be available (installed and configured). When it is not, the error warning is usually ...secret key not available.

Hope this helps
Charly

Sent from my iPhone

On May 8, 2010, at 22:14, Andreas Mattheiss please.p...@publicly.invalid wrote:

> Hello,
>
> for some time gpg2 from subversion has been giving me grief, claiming there was no secret key, while gpg1.xxx says there is:
>
> highscreen [21:08] [/raidtest/CVS/gnupg] # 44 g10/gpg2 --version
> gpg (GnuPG) 2.1.0-svn5320
> libgcrypt 1.5.0-svn1429
> Copyright (C) 2010 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
>
> highscreen [21:09] [/raidtest/CVS/gnupg] # 46 g10/gpg2 ~/.cshrc.asc
> gpg: encrypted with 1024-bit ELG key, ID D8F9277B, created 2001-07-15
> Andreas Mattheiss a
> gpg: decryption failed: No secret key
>
> But gpg1.xxx, also from svn, says:
>
> highscreen [21:11] [/raidtest/CVS/gnupg] # 50 gpg --version
> gpg (GnuPG) 1.4.11-svn5308
> Copyright (C) 2009 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression:
>
> highscreen [21:11] [/raidtest/CVS/gnupg] # 51 gpg ~/.cshrc.asc
> You need a passphrase to unlock the secret key for
> user: Andreas Mattheiss a.
> 1024-bit ELG-E key, ID D8F9277B, created 2001-07-15 (main key ID 10F7D537)
> Uncompressed, ZIP, ZLIB, BZIP2
>
> This has been going on for about half a year now. libassuen friends are all from svn.
>
> Any suggestions/workarounds/explanations are welcome.
>
> Andreas

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Help me to import my secret key please
Bad news yes. But well, nobody's dead. It's even quite funny in fact, thinking about how often I repeat to everybody that they need to make backup of everything. This key is the only thing I lose, I will just make another one.

And no, I don't have the revocation certificate :( But I think it's not too bad, because nobody had access to this private key. I just lose it...

Small and last question: if I make a new key, with the same email inside, will I be able to send it on servers? (because they already got the old one...)

Thanks a lot for your time.

> I'm afraid these are not the same key :(
>
> The former key is a 4096-bit RSA key. The latter key is a 1024-bit DSA key with a 4096-bit ElGamal subkey bound to it.
>
> Also, the former key has an X.509 certificate associated with it, while the latter keys are bound to your identity via OpenPGP certification.
>
> While it's possible to have both X.509 certificates and OpenPGP certificates from the same key (we're doing it for TLS servers in the monkeysphere project), it's not common. And in your case, it's not what you've done anyway, since these are clearly different keys because of their different keylengths and algorithms.
>
> If you have no way of recovering your old ~/.gnupg/secring.gpg, you have most likely lost control of your old key. In that case, i recommend publishing the revocation certificate you created when you made your key (hoping that you have such an old revocation certificate for 1F03B55A stored someplace accessible to you).
>
> Sorry to be the bearer of bad news,
>
> --dkg
Re: Help me to import my secret key please
Yes, you can generate a new key pair with the same user ID email, the key server will accept it. Do not forget to generate a revocation certificate and to store it in a safe place.

You might want to indicate in the comment of the new key that the previous key (key ID) is not usable, if you plan to upload the new public key to a key server.

Charly

Sent from my iPhone

On May 9, 2010, at 10:31, Stephane Dupuis ho...@free.fr wrote:

> Bad news yes. But well, nobody's dead. It's even quite funny in fact, thinking about how often I repeat to everybody that they need to make backup of everything. This key is the only thing I lose, I will just make another one.
>
> And no, I don't have the revocation certificate :( But I think it's not too bad, because nobody had access to this private key. I just lose it...
>
> Small and last question: if I make a new key, with the same email inside, will I be able to send it on servers? (because they already got the old one...)
>
> Thanks a lot for your time.
>
>> I'm afraid these are not the same key :(
>>
>> The former key is a 4096-bit RSA key. The latter key is a 1024-bit DSA key with a 4096-bit ElGamal subkey bound to it.
>>
>> Also, the former key has an X.509 certificate associated with it, while the latter keys are bound to your identity via OpenPGP certification.
>>
>> While it's possible to have both X.509 certificates and OpenPGP certificates from the same key (we're doing it for TLS servers in the monkeysphere project), it's not common. And in your case, it's not what you've done anyway, since these are clearly different keys because of their different keylengths and algorithms.
>>
>> If you have no way of recovering your old ~/.gnupg/secring.gpg, you have most likely lost control of your old key. In that case, i recommend publishing the revocation certificate you created when you made your key (hoping that you have such an old revocation certificate for 1F03B55A stored someplace accessible to you).
>>
>> Sorry to be the bearer of bad news,
>>
>> --dkg
Re: Help me to import my secret key please
On 05/09/2010 04:40 AM, Charly Avital wrote:

> Yes, you can generate a new key pair with the same user ID email, the key server will accept it. Do not forget to generate a revocation certificate and to store it in a safe place.

Yup, Charly is correct about this. You can actually have as many keys as you like with the same UID in the public keyservers.

> You might want to indicate in the comment of the new key that the previous key (key ID) is not usable, if you plan to upload the new public key to a key server

I'm not sure exactly what Charly means here, but i strongly recommend you do *not* put this kind of remark in the comment section of the User ID for your new key (between the name and the e-mail). A better approach is to make a key transition document that describes the situation, sign it with the new key, and post it publicly. For example:

http://fifthhorseman.net/key-transition-2007-06-15.txt

(if you still had access to your old key, you could have signed the transition statement with it too)

So why do i think you shouldn't put it in the comment section of your new User ID? Your User ID is the linkage between your key and your real-world identity. When you ask people to sign your key, you are asking them to certify (a) that this key belongs to you, and (b) that they believe this User ID does really belong to you too. If your User ID contains a string that does not really relate to you, you're asking people to certify something unusual and potentially meaningless.

Also, consider the situation 5 years from now -- hopefully you'll still be able to use the key you made today. Do you really want a remark about this legacy key to follow you for 5 years?

Lastly, since you can't revoke the old key outright, you might consider contacting everyone who has already certified it and asking them to revoke their signatures on the key. You can point them to your published key transition document as a start, but you'll probably want to also contact them offline -- this is also a good opportunity for you to ask them to certify your new key.

That way, in the future, there will be no valid certifications on your old key, and which key people should choose for you should become clearer.

Regards,

--dkg
Re: Help me to import my secret key please
Hi

On Sunday 9 May 2010 at 9:40:31 AM, in mid:373bfefa-e986-4d76-a290-4e7ff3a54...@mac.com, Charly Avital wrote:

> Yes, you can generate a new key pair with the same user ID email, the key server will accept it.

An exception: hushmail.com's server; you will need to email and tell them to delete it before uploading another with the same email address in the UID to them.

--
Best regards

MFPA mailto:expires2...@ymail.com

Keep them dry and don't feed them after midnight
Re: Help me to import my secret key please
Daniel Kahn Gillmor wrote the following on 5/9/10 9:33 AM:

> On 05/09/2010 04:40 AM, Charly Avital wrote:
>> Yes, you can generate a new key pair with the same user ID email, the key server will accept it. Do not forget to generate a revocation certificate and to store it in a safe place.
>
> Yup, Charly is correct about this. You can actually have as many keys as you like with the same UID in the public keyservers.
>
>> You might want to indicate in the comment of the new key that the previous key (key ID) is not usable, if you plan to upload the new public key to a key server
>
> I'm not sure exactly what Charly means here,

I mean what I have seen done by many users who couldn't revoke their key (either because they had lost the secret key, or had forgotten the passphrase). It is not my invention :-)

KeyA is compromised, or lost, and cannot be revoked. The new key, KeyB *might* include in its comments something like: KeyA unusable

> but i strongly recommend you do *not* put this kind of remark in the comment section of the User ID for your new key (between the name and the e-mail). A better approach is to make a key transition document that describes the situation, sign it with the new key, and post it publicly. For example:
>
> http://fifthhorseman.net/key-transition-2007-06-15.txt

Great text, and great approach. One has to hope that people will actually read it. I mean, it's a long text. But definitely a good approach, much more orthodox than the comment approach, which, I repeat, I have seen often used. But often is not a sufficient criteria for good.

> (if you still had access to your old key, you could have signed the transition statement with it too)
>
> So why do i think you shouldn't put it in the comment section of your new User ID? Your User ID is the linkage between your key and your real-world identity. When you ask people to sign your key, you are asking them to certify (a) that this key belongs to you, and (b) that they believe this User ID does really belong to you too. If your User ID contains a string that does not really relate to you,

The string would relate to the user, it's all a matter of choosing the right wording (very short).

> you're asking people to certify something unusual and potentially meaningless.

Not unusual (but again I say, usual is not a proof of goodness). Not potentially meaningless, because the meaning is clear: *that* key is not usable.

> Also, consider the situation 5 years from now -- hopefully you'll still be able to use the key you made today. Do you really want a remark about this legacy key to follow you for 5 years?

I wouldn't mind.

> Lastly, since you can't revoke the old key outright, you might consider contacting everyone who has already certified it and asking them to revoke their signatures on the key.

This is a good approach, although it might taint the key. Users wouldn't know why signers have revoked their signature, unless they care to read the transition document.

> You can point them to your published key transition document as a start, but you'll probably want to also contact them offline -- this is also a good opportunity for you to ask them to certify your new key.

They would certify your new key only if they abide by the rules. I wouldn't sign a key because of a key transition document. I would have to contact directly, and better, personally, the owner of the old key, of the transition document, and of the new key.

> That way, in the future, there will be no valid certifications on your old key, and which key people should choose for you should become clearer.
>
> Regards,
>
> --dkg

To sum it up (as far as I am concerned, and to avoid further bandwidth usage). I am OK with whatever approach or method that would make it clear that the old key is not to be used any more.

Take care,
Charly
transaction already being edited in another register
Regarding http://tinyurl.com/39mwplx discussing the subject error, I have found that:

+ The General Ledger shows blank transactions that cannot be deleted when this error appears. If you try to Delete Splits in the General Ledger or offending register when it has occurred you then retrigger the error.

+ However, as suggested in the URL, deleting the transaction immediately when the autofill fails to perform seems to avoid the error.

But it definitely is a PITA if you have a lot of common transactions to fill out... :-(

Best regards, Andy
Re: Help me to import my secret key please
Daniel Kahn Gillmor wrote:

> On 05/09/2010 04:40 AM, Charly Avital wrote:
> ...
>> You might want to indicate in the comment of the new key that the previous key (key ID) is not usable, if you plan to upload the new public key to a key server
>
> I'm not sure exactly what Charly means here, but i strongly recommend you do *not* put this kind of remark in the comment section of the User ID for your new key (between the name and the e-mail). A better
> ...
> So why do i think you shouldn't put it in the comment section of your new User ID? Your User ID is the linkage between your key and your real-world identity. When you ask people to sign your key, you are asking them to certify (a) that this key belongs to you, and (b) that they believe this User ID does really belong to you too. If your User ID contains a string that does not really relate to you, you're asking people to certify something unusual and potentially meaningless.

But comments field is for comments, not for identity information, so I don't see any problem in adding a hint so people can know which key should I use?.

> Also, consider the situation 5 years from now -- hopefully you'll still be able to use the key you made today. Do you really want a remark about this legacy key to follow you for 5 years?

Good question, but, since the old key (unless it has expiration date) will still be shown as valid at the keyservers, probably it will haunt him forever.

> Lastly, since you can't revoke the old key outright, you might consider contacting everyone who has already certified it and asking them to revoke their signatures on the key. You can point them to your

Yes, that can be the most useful way to let people know which key is the right one.

Best Regards
Re: transaction already being edited in another register
On 9 May 2010, at 17:21, C. Andrews Lavarre alava...@gmail.com wrote:

> But it definitely is a PITA if you have a lot of common transactions to fill out... :-(

How does this relate to GnuPG?

Ben
Re: Help me to import my secret key please
On 05/09/2010 05:10 PM, Faramir wrote:

> But comments field is for comments, not for identity information, so I don't see any problem in adding a hint so people can know which key should I use?.

OK, but how many such comments should we use? (see below...)

> Good question, but, since the old key (unless it has expiration date) will still be shown as valid at the keyservers, probably it will haunt him forever.

True. And anyone who wants to can also create and upload a key with his exact User ID and no expiration date, and that bogus key will also haunt him forever. Should he include a comment about not using that maliciously-uploaded key as well? What if 10 bogus keys are uploaded with his User ID?

If Joe User's real key is actually 0xDECAFBAD and he still has control over it, what should other users do if they see a key uploaded with the User ID of:

Joe User (Do Not Use 0xDECAFBAD) j...@example.net

(remember that anyone can upload such a key) ?

Should people care about or rely upon those comments? Or are they noise?

The point is that people who haven't exchanged keys directly need to rely on certifications, not on oh, this key happens to have a relevant-looking user ID bound to it. Since they already need to rely on certifications, it's best to just treat the bad/old key as though it were one of the malicious keys that anyone could upload.

The most useful response is to make sure that your proper key is well-certified, and that any bogus keys are not certified.

Regards,

--dkg
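
The argument in the message above, that a User ID comment is written by whoever uploads the key while certifications are what a stranger can actually check, modelled as an added sketch that is not part of the thread. The `Key` class, both selector functions, the e-mail address and every key ID except 0xDECAFBAD are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Conventional User ID layout: "Name (Comment) <email>". A keyserver does not
# verify any part of this string; whoever uploads the key chooses it.
UID_RE = re.compile(
    r"^(?P<name>[^(<]+?)\s*(?:\((?P<comment>[^)]*)\)\s*)?<(?P<email>[^>]+)>$"
)


@dataclass
class Key:
    key_id: str
    uid: str
    # Key IDs of signers holding a current (non-revoked) certification on this UID.
    certified_by: set = field(default_factory=set)


def parse_uid(uid):
    """Split a User ID into (name, comment, email)."""
    m = UID_RE.match(uid.strip())
    if not m:
        raise ValueError(f"unparseable User ID: {uid!r}")
    return m["name"].strip(), m["comment"] or "", m["email"].lower()


def pick_by_comment(keys, email):
    """Naive selector: discard any key that another key's comment warns about."""
    matching = [k for k in keys if parse_uid(k.uid)[2] == email]
    warned = {
        kid.upper()
        for k in matching
        for kid in re.findall(r"0x[0-9A-Fa-f]{8}", parse_uid(k.uid)[1])
    }
    return [k.key_id for k in matching if k.key_id.upper() not in warned]


def pick_by_certification(keys, email, trusted_signers):
    """Keep only keys certified by a signer the verifier already trusts."""
    trusted = set(trusted_signers)
    return [
        k.key_id
        for k in keys
        if parse_uid(k.uid)[2] == email and k.certified_by & trusted
    ]


# Constructed keyserver results: the genuine key plus an uncertified upload
# whose comment tells readers to avoid the genuine one.
KEYSERVER = [
    Key("0xDECAFBAD", "Joe User <joeuser@example.org>", {"0xA11CE001", "0xB0B00002"}),
    Key("0x0BADC0DE", "Joe User (Do Not Use 0xDECAFBAD) <joeuser@example.org>"),
]
TRUSTED = {"0xA11CE001"}  # signers whose keys the verifier has checked directly

if __name__ == "__main__":
    print("by comment:      ", pick_by_comment(KEYSERVER, "joeuser@example.org"))
    print("by certification:", pick_by_certification(KEYSERVER, "joeuser@example.org", TRUSTED))
```

The comment-driven selector ends up preferring the uncertified upload, while the certification-driven one returns only the key that a trusted signer has vouched for.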
Re: [#24488576] transaction already being edited in another register
On 10 May 2010, at 01:27, supp...@midphase.com supp...@midphase.com wrote:

> Please remove supp...@midphase or any other @midphase address from your mailing list, thank you.

Appears alava...@gmail.com has been set to redirect.

Use the list homepage to unsubscribe:

http://lists.gnupg.org/mailman/listinfo/gnupg-users

Ben