Re: Creating signatures with expiration time

2011-04-13 Thread Daniel Kahn Gillmor
On 04/13/2011 10:43 PM, Jesus Cea wrote:
> My idea was to create a signature with an expiration date, so signatures
> should be renewed every year. The OpenPGP Standard documents this type
> of signature, but
> GPG doesn't seem to have the option to create them.

Look in the man pages for --default-cert-expire and --ask-cert-expire.

If these do what you want, you can also set them in ~/.gnupg/gpg.conf so
that you don't have to supply them on the command line every time.

hth,

--dkg



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Creating signatures with expiration time

2011-04-13 Thread Jesus Cea

Hi, everybody.

I have a corporate PGP key we use to sign employee keys to validate the
UID belonging to the corporation (that is, that the email present in the
key is actually assigned by us).

My idea was to create a signature with an expiration date, so signatures
should be renewed every year. The OpenPGP Standard documents this type
of signature, but
GPG doesn't seem to have the option to create them.

That is, when I create a signature, I have no way to introduce an
expiration date.

Am I missing anything? I am using GPG 1.4.10. I would consider moving
to GPG 2 if necessary.

PS: We could manage with revocation signatures, but people would need to
refresh the keys. With expired signatures people would need to refresh
to see the extension, so they would do.

-- 
Jesus Cea Avion _/_/  _/_/_/_/_/_/
j...@jcea.es - http://www.jcea.es/ _/_/_/_/  _/_/_/_/  _/_/
jabber / xmpp:j...@jabber.org _/_/_/_/  _/_/_/_/_/
.  _/_/  _/_/_/_/  _/_/  _/_/
"Things are not so easy"  _/_/  _/_/_/_/  _/_/_/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/_/_/_/  _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz

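Added example, not code from either poster or from GnuPG: a small parser for the OpenPGP v4 signature packet that pulls the Signature Expiration Time subpacket (type 3, RFC 4880 section 5.2.3.10) out of the hashed area. That subpacket is what a certification made with --default-cert-expire or --ask-cert-expire carries, and it is a property of the certification only; the certified key's own expiry is a different subpacket (type 9). The parser shows two details the RFC fixes and that a practitioner checking an exported key should know: an absent or zero subpacket means the signature never expires, and a value in the unhashed area is not covered by the signature, so anyone could strip or alter it and it must be ignored. The packet it parses is constructed inline with a dummy signature value and a hypothetical issuer key ID (0123456789ABCDEF), so it runs offline and the sample will not verify against any key; on a real key, feed it a signature packet from `gpg --export <keyid>` (gpg --list-packets prints the same subpacket as "sig expires after").

```python
"""Read the Signature Expiration Time subpacket (type 3) of an OpenPGP v4 signature
packet (RFC 4880 sections 4.2, 5.2.3, 5.2.3.10).  Added example for this thread, not
GnuPG code; the packet it parses is constructed inline with a dummy signature value."""
import struct

SIG_PACKET_TAG = 2
SUBPKT_CREATION_TIME = 2   # 4 octets, seconds since the epoch
SUBPKT_SIG_EXPIRATION = 3  # 4 octets, seconds after creation; absent or 0 = never expires
SUBPKT_ISSUER = 16         # (type 9, Key Expiration Time, is about the key, not the signature)
CERTIFICATION_TYPES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}


def _packet_header(data, off=0):
    """Return (tag, body_start, body_len); handles old- and new-format headers."""
    ctb = data[off]                                  # bit 7 is always set
    if ctb & 0x40:                                   # new format (RFC 4880 4.2.2)
        tag, first = ctb & 0x3F, data[off + 1]
        if first < 192:
            return tag, off + 2, first
        if first < 224:
            return tag, off + 3, ((first - 192) << 8) + data[off + 2] + 192
        if first == 255:
            return tag, off + 6, int.from_bytes(data[off + 2:off + 6], "big")
        raise ValueError("partial body lengths not supported")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03       # old format (4.2.1)
    if ltype == 3:
        raise ValueError("indeterminate length not supported")
    size = (1, 2, 4)[ltype]
    return tag, off + 1 + size, int.from_bytes(data[off + 1:off + 1 + size], "big")


def _subpackets(area):
    """Yield (type, body) for each subpacket in a hashed or unhashed area."""
    off = 0
    while off < len(area):
        first = area[off]
        if first < 192:
            length, off = first, off + 1
        elif first < 255:
            length, off = ((first - 192) << 8) + area[off + 1] + 192, off + 2
        else:
            length, off = int.from_bytes(area[off + 1:off + 5], "big"), off + 5
        yield area[off] & 0x7F, bytes(area[off + 1:off + length])   # bit 7 = critical flag
        off += length


def parse_signature(packet):
    """Return type, issuer and validity window of the signature packet in `packet`."""
    tag, start, blen = _packet_header(packet)
    if tag != SIG_PACKET_TAG:
        raise ValueError("tag %d is not a signature packet" % tag)
    body = packet[start:start + blen]
    if body[0] != 4:
        raise ValueError("only v4 signatures handled")
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    hashed, unhashed = body[6:6 + hlen], body[8 + hlen:8 + hlen + ulen]
    info = {"type": body[1], "certification": CERTIFICATION_TYPES.get(body[1]),
            "created": None, "expires_after": None, "expires_at": None, "issuer": None}
    for area, protected in ((hashed, True), (unhashed, False)):
        for stype, sbody in _subpackets(area):
            if stype == SUBPKT_ISSUER and info["issuer"] is None:
                info["issuer"] = sbody.hex().upper()
            elif not protected:
                continue   # creation/expiry are trusted only from the signed (hashed) area
            elif stype == SUBPKT_CREATION_TIME:
                info["created"] = int.from_bytes(sbody, "big")
            elif stype == SUBPKT_SIG_EXPIRATION:
                info["expires_after"] = int.from_bytes(sbody, "big")
    if info["created"] is not None and info["expires_after"]:
        info["expires_at"] = info["created"] + info["expires_after"]
    return info


def is_valid_at(info, when):
    """True if the signature is inside its validity window at Unix time `when`."""
    if info["created"] is None or when < info["created"]:
        return False
    return info["expires_at"] is None or when < info["expires_at"]


def build_certification(sig_type, created, expires_after=None,
                        issuer=bytes.fromhex("0123456789ABCDEF")):
    """Constructed sample: v4 certification with RSA/SHA-256 algorithm IDs, a
    hypothetical issuer key ID and a dummy 1-bit MPI as the signature value."""
    sub = lambda stype, body: bytes([len(body) + 1, stype]) + body
    hashed = sub(SUBPKT_CREATION_TIME, struct.pack(">I", created))
    if expires_after is not None:
        hashed += sub(SUBPKT_SIG_EXPIRATION, struct.pack(">I", expires_after))
    unhashed = sub(SUBPKT_ISSUER, issuer)
    body = (bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\x00\x00" + struct.pack(">H", 1) + b"\x01")   # dummy hash prefix and MPI
    return bytes([0x80 | (SIG_PACKET_TAG << 2), len(body)]) + body   # old-format header


if __name__ == "__main__":
    pkt = build_certification(0x13, 1302652800, 365 * 86400)   # 2011-04-13 UTC, one year
    print(parse_signature(pkt))
```

Running it prints the parsed dictionary for a one-year certification; `is_valid_at` then answers the question the thread is really about, namely whether a signer who stopped renewing still has a valid certification at a given date. On a real key export, walk the packets with `_packet_header` and hand each tag-2 packet to `parse_signature`; the issuer field tells you which certifications are the corporate key's.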


GnuPG failing to decrypt all files

2011-04-13 Thread lists
Hi!

I have a curious problem. I just installed GPG4win and I'm having issues with 
my tests. I randomly selected three files from my desktop to encrypt. Two were 
clear text and one was an xlsx. I encrypted them in a folder with no errors. It 
did package them in a gzipped tarball I believe. When I decrypted, Kleopatra 
insisted there were no errors. However when I went to check only two of the 
files were present (one ascii and the xlsx). The one that didn't decrypt was a 
bat file, so I thought it may exclude those from the tar so I changed it to a 
.txt extension to no avail. After testing for a bit I thought it was a fluke and 
moved on.

I then tried setting up GPG4win on a user's computer and encrypted 101 files. 
Mostly Excel and Word binaries (before they went XML). The same thing happened. 
101 files selected for Encryption, 100 files decrypted. We saved a copy (only 
modifying the name) of the Excel file and out of 102 files, only 101 decrypted! 
And the copy encrypted/decrypted fine. The original file was still missing.

I went back to check my first error on my computer with verbose logging, and I 
clipped what I thought was relevant below (input/out errors) from the gpgagent 
daemon. Am I doing something wrong? Can I check to see what was encrypted 
file-by-file to ensure all files are archiving properly?

I'm hoping to replace a securitybox install with this. Any help would be 
appreciated.

gpg-agent[5844]: chan_00F0 <- GETINFO cmd_has_option GET_PASSPHRASE repeat
gpg-agent[5844]: chan_00F0 -> OK
gpg-agent[5844]: chan_00F0 <- GET_PASSPHRASE --data --repeat=0 -- 
24ECA7F198F175DFFAC198448D37D03FD154F634 X X 
Please+enter+the+passphrase+to+unlock+the+secret+key+for+the+OpenPGP+certificate:%0A%22user+(test)+%22%0A2048-bit+RSA+key,+ID+D154F634,%0Acreated+2011-03-31.%0A
2011-04-13 11:51:58 gpg-agent[5844] DBG: agent_get_cache 
`24ECA7F198F175DFFAC198448D37D03FD154F634'...
2011-04-13 11:51:58 gpg-agent[5844] DBG: ... miss
2011-04-13 11:51:58 gpg-agent[5844] starting a new PIN Entry
gpg-agent[5844]: chan_00E8 <- OK Your orders please
2011-04-13 11:51:58 gpg-agent[5844] DBG: connection to PIN entry established
gpg-agent[5844]: chan_00E8 -> OPTION grab
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> OPTION ttyname=/dev/tty
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> OPTION default-ok=_OK
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> OPTION default-cancel=_Cancel
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> OPTION default-prompt=PIN:
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> OPTION touch-file=C:\Documents and 
Settings\user\Application Data\gnupg\S.gpg-agent
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> GETINFO pid
gpg-agent[5844]: chan_00E8 <- D 3856
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00F0 -> INQUIRE PINENTRY_LAUNCHED 3856
gpg-agent[5844]: chan_00F0 <- END
gpg-agent[5844]: chan_00E8 -> SETDESC Please enter the passphrase to unlock 
the secret key for the OpenPGP certificate:%0A%22user (test) 
%22%0A2048-bit RSA key, ID D154F634,%0Acreated 2011-03-31.%0A
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> SETPROMPT Passphrase
gpg-agent[5844]: chan_00E8 <- OK
gpg-agent[5844]: chan_00E8 -> [[Confidential data not shown]]
2011-04-13 11:51:58 gpg-agent[5844] handler 0x98c for fd 220 started
gpg-agent[5844]: chan_00DC -> OK Pleased to meet you
gpg-agent[5844]: chan_00DC <- OPTION ttyname=/dev/tty
gpg-agent[5844]: chan_00DC -> OK
gpg-agent[5844]: chan_00DC <- OPTION allow-pinentry-notify
gpg-agent[5844]: chan_00DC -> OK
gpg-agent[5844]: chan_00DC <- SCD SERIALNO
2011-04-13 11:51:58 gpg-agent[5844] new connection to SCdaemon established 
(reusing)
gpg-agent[5844]: chan_00EC -> SERIALNO
gpg-agent[5844]: chan_00EC <- ERR 100663404 Card error 
gpg-agent[5844]: chan_00DC -> ERR 100663404 Card error 
gpg-agent[5844]: chan_00DC <- BYE
gpg-agent[5844]: chan_00DC -> OK closing connection
gpg-agent[5844]: chan_00EC -> RESTART
gpg-agent[5844]: chan_00EC <- OK
2011-04-13 11:51:58 gpg-agent[5844] handler 0x98c for fd 220 terminated
2011-04-13 11:52:00 gpg-agent[5844] handler 0xce0 for fd 192 started
gpg-agent[5844]: chan_00C0 -> OK Pleased to meet you
gpg-agent[5844]: chan_00C0 <- OPTION ttyname=/dev/tty
gpg-agent[5844]: chan_00C0 -> OK
gpg-agent[5844]: chan_00C0 <- OPTION allow-pinentry-notify
gpg-agent[5844]: chan_00C0 -> OK
gpg-agent[5844]: chan_00C0 <- SCD SERIALNO
2011-04-13 11:52:00 gpg-agent[5844] new connection to SCdaemon established 
(reusing)
gpg-agent[5844]: chan_00EC -> SERIALNO
gpg-agent[5844]: chan_00EC <- ERR 100663404 Card error 
gpg-agent[5844]: chan_00C0 -> ERR 100663404 Card error 
gpg-agent[5844]: chan_00C0 <- BYE
gpg-agent[5844]: chan_00C0 -> OK closing connection
gp

GitHub project for adding udev rules

2011-04-13 Thread Todd A. Jacobs
A month or so ago, I bumped into the fact that the howto on gnupg.org was a
bit outdated, and didn't really cover proper use of udev or libccid on
Debian and Ubuntu. So, I threw together a little howto of my own, and
bundled it with a new udev rules file and a helper script for generating new
udev rules for PC/SC readers.

https://github.com/CodeGnome/smartcard_rules

If you have some known-good PC/SC device IDs that don't respond with the
generic bInterfaceClass, please feel free to submit a pull request and I'll
add the rules. Hopefully, this will make it easier for people to use crypto
cards on Debian-derived distributions in the future.

Enjoy!


Redux (gettext): was: gpg 1.4.11 - problem with dyld when refreshing keys. on a PowerPC Mac.

2011-04-13 Thread Charly Avital
Hi,

In my previous post:

> System: gpg 1.4.11 - Processor: PowerPC G4  (1.1) - MacOSX 10.5.8
> 
> Compiled from freshly downloaded source code:
> ./configure without flags
> Version info:   gnupg 1.4.11
> Configured for: Darwin (powerpc-apple-darwin9.8.0).
> Compiled and installed.
> 
> When running from Terminal:
> $ gpg --refresh-keys
> 
> Output starts with:
> gpg: requesting key C91B085E from http server subkeys.pgp.net
> dyld: Library not loaded: /usr/local/lib/libintl.3.dylib
>   Referenced from: /usr/local/libexec/gnupg/gpgkeys_http
>   Reason: image not found
> gpg: unnatural exit of external program
> gpg: no handler for keyserver scheme `http'


I did some research, and found pointers to the possibility that the
problem was with the version of gettext.

I was running version 0.17.

I attempted to upgrade to the current 0.18.1.1; it failed, but 0.18.1
got installed. The problem with gpg --refresh-keys remained unchanged.
I tried to install gettext 0.18; it failed.

If someone is interested in the problem, I can copy the Terminal outputs.

By the way, gettext 0.18.1.1 installs without problems on an Intel
MacBook, where the command gpg --refresh-keys runs and completes without
warnings.

Thanks,
Charly


