Re: Importing new subkeys

2013-12-10 Thread Hauke Laging
On Tue 10.12.2013, 15:42:40 Phillip Susi wrote:
> So my old subkeys are about to expire so I created some new ones at
> home and exported them with --export-secret-subkeys.  When I try to
> import them at work, gpg just says I already have that key and stops.
> Why isn't it merging the new subkeys?  I ended up having to delete
> the master key from the keyring in order to import the new subkeys.

There is a technical restriction which prevents merging secret keys or secret 
key components from different sources. This is not going to change before 2.1.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Importing new subkeys

2013-12-10 Thread Phillip Susi

So my old subkeys are about to expire so I created some new ones at
home and exported them with --export-secret-subkeys.  When I try to
import them at work, gpg just says I already have that key and stops.
Why isn't it merging the new subkeys?  I ended up having to delete
the master key from the keyring in order to import the new subkeys.



Re: Importing new subkeys

2013-12-10 Thread Doug Barton


On 12/10/2013 12:42 PM, Phillip Susi wrote:
| So my old subkeys are about to expire so I created some new ones

Why are you creating new ones instead of simply extending the expiry
of the existing ones?


a maximally simplified GUI for OpenPGP (no code)

2013-12-10 Thread Hauke Laging
Hello,

some time ago I had a discussion about what a really simple crypto GUI should 
look like. This is the result:

http://www.crypto-fuer-alle.de/wishlist/simple-crypto-gui/index.en.html

It's just an HTML page which allows you to jump from screen to screen (for 
most suggested features) via internal links. Maybe this is interesting for 
someone.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5




Re: Importing new subkeys

2013-12-10 Thread Phillip Susi

On 12/10/2013 06:27 PM, Doug Barton wrote:
> On 12/10/2013 12:42 PM, Phillip Susi wrote:
> | So my old subkeys are about to expire so I created some new ones
>
> Why are you creating new ones instead of simply extending the
> expiry of the existing ones?

Because I already extended them for a second year once, so I figured
it's about time for a new one on the off chance that someone might be
trying to crack them using the plethora of public email I have signed
using them.




gpg-agent: pinentry-mode

2013-12-10 Thread Hauke Laging
Hello,

I have just been reading the man page of gpg-agent and found this:


--allow-loopback-pinentry
    Allow clients to use the loopback pinentry features; see the option
    pinentry-mode for details.


That made me curious so I wanted to do just that but: That is the only 
occurrence of pinentry-mode in the man page...


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5




Re: change passphrase in batch mode

2013-12-10 Thread Hauke Laging
On Tue 30.07.2013, 14:28:49 Werner Koch wrote:

> Sure.  Here is a very basic one:

Took me some time to give that a try but...


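>    # Greet the client, then answer one Assuan command per input line.
>    echo "OK - what's up?"
>    while read cmd rest; do
>      # Trace each command on stderr so stdout stays protocol-only.
>      echo "cmd=$cmd rest=$rest" >&2
>      case "$cmd" in
>        \#*)
>          ;;
>        GETPIN)
>          echo "D ${PINENTRY_USER_DATA}"
>          echo "OK"
>          ;;
>        BYE)
>          echo "OK"
>          exit 0
>          ;;
>        *)
>          echo "OK"
>          ;;
>      esac
>    done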

That works, thanks a lot. I added
    GETINFO)
      if [ "pid" = "$rest" ]; then
        echo "D $$"
      fi
      echo "OK"
      ;;


> It simply echoes the content of the envvar PINENTRY_USER_DATA which is
> passed from gpg via gpg-agent to the pinentry.

This simple example works if just one passphrase is needed (e.g. signing). The 
problem is that pinentry is called three times when the passphrase is changed. 
I could put both the old and the new passphrase in PINENTRY_USER_DATA. 
Unfortunately it is not obvious for pinentry (or rather: me looking at the 
communication) which of the three calls is the current one. That may be 
detectable but seems too complicated. My solution is that I let the wrapper 
read the data from a FIFO. Before gpg --passwd is called the three passphrases 
are written to the FIFO.


I wonder why none of these commands (GETPIN, GETINFO, not even BYE) are 
explained on
http://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
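
The FIFO approach described in the message above, sketched as an added example that is not code from the thread or from GnuPG: a stand-in pinentry that answers each GETPIN with the next line queued on file descriptor 3. The function names, the FIFO path, the sample passphrases and the order of the three passphrases (current, new, new repeated) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Stand-in pinentry that answers each
# GETPIN with the next line queued on fd 3 (the FIFO).

# Assuan data lines must percent-escape '%' (CR/LF cannot occur in one line).
assuan_escape() { printf '%s' "$1" | sed 's/%/%25/g'; }

pinentry_fifo_loop() {
    echo "OK pinentry-fifo ready"
    while read -r cmd rest; do
        case $cmd in
            GETPIN)
                # One passphrase per request; fail closed when the queue is
                # empty rather than handing gpg-agent an empty passphrase.
                if IFS= read -r pin <&3; then
                    printf 'D %s\nOK\n' "$(assuan_escape "$pin")"
                else
                    echo "ERR 83886179 canceled"   # pinentry's cancel code
                fi ;;
            GETINFO)
                [ "$rest" = "pid" ] && echo "D $$"
                echo "OK" ;;
            BYE)
                echo "OK"; return 0 ;;
            *)
                echo "OK" ;;
        esac
    done
}

# Constructed demo: queue three passphrases (assumed order: current, new,
# new repeated) and replay the three GETPIN requests of a passphrase change.
demo() {
    dir=$(mktemp -d) || return 1          # 0700 directory, private to us
    fifo="$dir/pass.fifo"
    mkfifo -m 600 "$fifo" || return 1     # never world-readable
    printf '%s\n' 'old-pass' 'new%pass' 'new%pass' > "$fifo" &
    printf 'GETPIN\nGETPIN\nGETPIN\nBYE\n' | pinentry_fifo_loop 3< "$fifo"
    wait
    rm -rf "$dir"
}

demo
```

Because the queue is consumed strictly in request order, the wrapper never has to work out which of the three calls it is serving, and a fourth, unexpected GETPIN gets a cancel instead of a stale or empty passphrase.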

