Re: Importing new subkeys
Am Di 10.12.2013, 15:42:40 schrieb Phillip Susi: So my old subkeys are about to expire so I created some new ones at home and exported them with --export-secret-subkeys. When I try to import them at work, gpg just says I already have that key and stops. Why isn't it merging the new subkeys? I ended up having to delete the master key from the keyring in order to import the new subkeys. There is a technical restriction which prevents merging secret keys or secret key components from different sources. This is not going to change before 2.1. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Importing new subkeys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So my old subkeys are about to expire so I created some new ones at home and exported them with --export-secret-subkeys. When I try to import them at work, gpg just says I already have that key and stops. Why isn't it merging the new subkeys? I ended up having to delete the master key from the keyring in order to import the new subkeys. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSp3zAAAoJEI5FoCIzSKrwa7oH/1ShDWfl3BngAx930jCGExaM nFCDRswSZ1M1ivSMdi3x8QF1pWmuxkjLAfxcItv+xfsmjPgO3ET5e1UZNCIN9M+5 OqBlv4DrqmtrnFxDhE9MmvupazW7Z/HGoK+hC6xter6Bbjyk110B0dfHgndhqR5L eT1yXfDTppH+uKdoEdny2hdg0bKe5Sz5r1eusdi/fp94ixFKYBuRCgSOFJHqpcjL 7pHL3QMysjD7JzJRqxo2gtpPMI7pWv4WAPBo4pOKyhlTL4vwhXaZr0ff1mQ0sk4p xZIhWY9jVcCKbzXiVwQbBV67ViWaY/yJozTNvywuYRe4Wr2KaL/UX5aAHmJnGIY= =+SEe -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Importing new subkeys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/10/2013 12:42 PM, Phillip Susi wrote: | So my old subkeys are about to expire so I created some new ones Why are you creating new ones instead of simply extending the expiry of the existing ones? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) iQEcBAEBCAAGBQJSp6NKAAoJEFzGhvEaGryEzzoH+wfHFc1h7C25blYXzdPzqexn qleQtCza9iycpbSbQSrDHGFSrGZwtZkSBGUXS0xtWUa1ffBZjSyu6qNF0o+cvgxc +j6N83Aq1I8Kh23CZ7uNz+fCqtzkei8qY6dkI8Jm4ePIOOMBQ2IxPcycPF7q3cNj uawvqfqesV5MBQKK4JANDt1pqLEo2igSLB4DNI3QbpG44JR39vUrYoM/rTuhSdCN GIutwCwpmi2TylFL2H+l3IXz+84crkL/HCe1dl986IDHhv3wGHuGgRyZfAjpE9qE 54ElNFsh7DPWBg47K8XZW2iRG/07al9H8UlOFdaY5x2a1V0X7YfWjZkMBomOBKk= =T2y8 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
a maximally simplified GUI for OpenPGP (no code)
Hello, some time ago I had a discussion about what a really simple crypto GUI should look like. This is the result: http://www.crypto-fuer-alle.de/wishlist/simple-crypto-gui/index.en.html It's just an HTML page which allows you to jump from screen to screen (for most suggested features) via internal links. Maybe this is interesting for someone. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Importing new subkeys
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/10/2013 06:27 PM, Doug Barton wrote: On 12/10/2013 12:42 PM, Phillip Susi wrote: | So my old subkeys are about to expire so I created some new ones Why are you creating new ones instead of simply extending the expiry of the existing ones? Because I already extended them for a second year once, so I figured it's about time for a new one on the off chance that someone might be trying to crack them using the plethora of public email I have signed using them. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJSp+OPAAoJEI5FoCIzSKrw1F4H/1Va5Vlsge6YMTKNXXkX9Hs7 7VKAfaBePrTs/M7MlmN+dfRpUKYkKiUWxddBREDPPO/5lsSTy2g77uPmH/dIgcPf agE3tl2OAuNh+wurUl1IniJTNwoV0NM+q0QjfJ41FjpnTgsYiS6GE5FI1u0R8Nx2 2I1f6glIBZCoeWJ62nQz/MBCH9C0Scrh8xzYYpYzXBC855r1ehJXSU8x4TdB2gcj //lYRNLTncIhla0UNiMKsauQXeGWuW59zZmSnWuYT2jxEJJi9Ii7/HEKddS+/MtB r2q0If6yo2MTXIDp9fLwXsuTXCXfQgT9dl5CmTVzZK+Axqmvz0VusX/+uyXmcTo= =3mL/ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg-agent: pinentry-mode
Hello, I have just been reading the man page of gpg-agent and found this: --allow-loopback-pinentry Allow clients to use the loopback pinentry features; see the option pinentry- mode for details. That made me curious so I wanted to do just that but: That is the only occurrence of pinentry-mode in the man page... Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: change passphrase in batch mode
Am Di 30.07.2013, 14:28:49 schrieb Werner Koch: Sure. Here is a very basic one: Took me some time to give that a try but... echo OK - what's up? while read cmd rest; do echo cmd=$cmd rest=$rest 2 case $cmd in \#*) ;; GETPIN) echo D ${PINENTRY_USER_DATA} echo OK ;; BYE) echo OK exit 0 ;; *) echo OK ;; esac done That works, thanks a lot. I added GETINFO) if [ pid = $rest ]; then echo D $$ fi echo OK ;; It simply echos the content of the envvar PINENTRY_USER_DATA which is passed from gpg to via gpg-agent to the pinentry. This simple example works if just one passphrase is needed (e.g. signing). The problem is that pinentry is called three times when the passphrase is changed. I could put both the old and the new passphrase in PINENTRY_USER_DATA. Unfortunately it is not obvious for pinentry (or rather: me looking at the communication) which of the three calls is the current one. That may be detectable but seems too complicated. My solution is that I let the wrapper read the data from a FIFO. Before gpg --passwd is called the three passphrases are written to the FIFO. I wonder why none of these commands (GETPIN, GETINFO, not even BYE) are explained on http://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users