GPG Assuan protocol usage
Hi gpg-ers,

I'm interested in utilizing GnuPG in software that I'm writing, and it seems that communicating with the gpg-agent over a unix socket using the Assuan protocol is best suited for my use case, but I am open to other options if there are better approaches.

My problem lies in getting the Assuan protocol in practice to match up with the documentation here: http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-Protocol.html#Agent-Protocol

When attempting to use the GENKEY command as described here: http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-GENKEY.html#Agent-GENKEY as a new user, I always get an invalid data error when using the example client requests:

    socat /tmp/gpg-x/S.gpg-agent -
    OK Pleased to meet you, process 280
    GENKEY
    INQUIRE KEYPARAM
    D (genkey (rsa (nbits 4096)))
    END
    ERR 67108943 Invalid data GPG Agent
    GENKEY
    INQUIRE KEYPARAM
    D (genkey (rsa (nbits 2048)))
    END
    ERR 67108943 Invalid data GPG Agent
    GENKEY
    INQUIRE KEYPARAM
    D (genkey (rsa (nbits 1024)))
    END
    ERR 67108943 Invalid data GPG Agent

Starting gpg-agent with --debug 10, I get the following debug output:

    [user@host]:~$ gpg-agent --daemon --no-detach --debug 10
    gpg-agent[]: directory `/home/user/.gnupg' created
    gpg-agent[]: directory `/home/user/.gnupg/private-keys-v1.d' created
    gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
    gpg-agent[]: command genkey failed: Invalid data
    gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
    gpg-agent[]: command genkey failed: Invalid data
    gpg-agent[]: failed to convert keyparam: Invalid length specifier in S-expression
    gpg-agent[]: command genkey failed: Invalid data

This seems to suggest that there exist more parameters to the GENKEY command than are documented. What am I missing here?

Taking a step back, is this a good solution for 3rd party software to use GPG, or are there libraries I should be using instead to accomplish the communication?

Diving into the code to see if I can't figure it out but maybe you can help.

Thanks,
-Alan Meekins

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG 2.0.22 installation on Suse Enterprise 11.3
Hi all,

I was attempting to upgrade the GnuPG 2.0.9 on the Suse Linux to version 2.0.22 but was hit by some missing dependency. May I know what are the necessary packages that I need to install before installing GnuPG 2.0.22? I have installed libassuan-2.1.1-1 which I believe is part of the missing dependency.

Thank you for any advice that will point me to solve the problem.

Regards,
Kevin
Re: using an OpenPGP card with Java (keytool and jarsigner)
On Tue, 7 Jan 2014 15:32, h...@guardianproject.info said:

> OpenPGP card as a PKCS11 keystore. It seems that things are close: Java can use NSS as a provider of PKCS11. I guess the question is whether opensc is making a PKCS#11 interface to the OpenPGP card, that's the bit that I don't

Scute also provides a pkcs#11 interface to NSS. Thus you should be able to use it also with Java.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: GPG Assuan protocol usage
On Wed, 8 Jan 2014 00:30, alan.meek...@gmail.com said:

> D (genkey (rsa (nbits 4096)))

Use

    D (genkey (rsa (nbits 4:4096)))

to match the S-expression syntax. A leading digit denotes a length and thus you can't enter a number without its length. Yes, this is a common pitfall.

Instead of socat, I suggest the use of gpg-connect-agent (which even features a simple script language). If gpg-agent is installed on a system, gpg-connect-agent is also available.

As an alternative you may also use the Assuan interface of GPGME (see gpa/src/cardman.c for examples).

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
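The length-prefix rule from the reply above, as an added example that is not part of the original thread and is not libgcrypt's code: a simplified scanner that accepts only lists, bare tokens and <len>:<data> atoms, and rejects a digit run that is not followed by a colon. The names atom, keyparam, scan and SexpError are made up for this illustration, and values are assumed to be ASCII.

```python
# Added illustration: simplified model of the S-expression token rule, not
# libgcrypt's parser. Handles lists, bare tokens and "<len>:<data>" only.

class SexpError(ValueError):
    """Malformed S-expression text."""

def atom(value):
    """Length-prefix an ASCII value so a leading digit is unambiguous."""
    return f"{len(str(value))}:{value}"

def keyparam(algo, nbits):
    return f"(genkey ({algo} (nbits {atom(nbits)})))"  # corrected form

def scan(text):
    """Parse into nested lists; a digit run must be followed by ':' and data."""
    stack, cur, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c.isspace():
            i += 1
        elif c == "(":
            stack.append(cur)
            cur = []
            i += 1
        elif c == ")":
            if not stack:
                raise SexpError(f"unbalanced ')' at offset {i}")
            done, cur = cur, stack.pop()
            cur.append(done)
            i += 1
        elif "0" <= c <= "9":
            j = i
            while j < len(text) and "0" <= text[j] <= "9":
                j += 1
            if j == len(text) or text[j] != ":":
                raise SexpError(f"invalid length specifier at offset {i}")
            end = j + 1 + int(text[i:j])
            if end > len(text):
                raise SexpError(f"length at offset {i} runs past the input")
            cur.append(text[j + 1:end])
            i = end
        else:
            j = i
            while j < len(text) and not text[j].isspace() and text[j] not in "()":
                j += 1
            cur.append(text[i:j])
            i = j
    if stack:
        raise SexpError("unbalanced '('")
    return cur
```

Building the KEYPARAM data with keyparam() and checking it with scan() before sending the D line catches the unprefixed-number mistake on the client side instead of as ERR 67108943 from the agent.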
Re: GnuPG 2.0.22 installation on Suse Enterprise 11.3
On Wed, 8 Jan 2014 09:06, spldemou...@gmail.com said:

> I was attempting to upgrade the GnuPG 2.0.9 on the Suse Linux to version 2.0.22 but was hit by some missing dependency. May I know what are the necessary packages that I need to install before installing GnuPG 2.0.22?

Running ./configure shows you all missing dependencies.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
Re: using an OpenPGP card with Java (keytool and jarsigner)
On 01/08/2014 07:02 AM, Werner Koch wrote:
> On Tue, 7 Jan 2014 15:32, h...@guardianproject.info said:
>
>> OpenPGP card as a PKCS11 keystore. It seems that things are close: Java can use NSS as a provider of PKCS11. I guess the question is whether opensc is making a PKCS#11 interface to the OpenPGP card, that's the bit that I don't
>
> Scute also provides a pkcs#11 interface to NSS. Thus you should be able to use it also with Java.

I haven't tried scute, but it seems that opensc v0.13 provides a PKCS#11 interface to the OpenPGP card. I am able to get keytool to report the certificate in key position #3, but the question I have now is that given that key #3 is for authentication, is there some restriction in the OpenPGP card that would prevent the certificate/key combo in position #3 from being used for signing?

I did read about using opensc with an OpenPGP card to provide S/MIME services. What I read there is that in order to use the certificate/key combo in position #3 for decrypting emails, the key in position #2 (decryption) must match the key in position #3. Is there a similar restriction for signing?

I forget if I mentioned this, but the grand goal is to have a single hardware security module that can sign the Android APK using jarsigner, then make an OpenPGP signature on the APK, then optionally provide authentication for scp'ing the resulting files to the release server.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
Re: GPG Assuan protocol usage
Ah thanks, that was the problem. Would be helpful if this page http://www.gnupg.org/documentation/manuals/gnupg-devel/Agent-GENKEY.html#Agent-GENKEY were updated to reflect the correct syntax for future users.

Was just using socat for testing purposes. My system requires the lowest latency and fewest memcpy's possible, so if I continue with the socket interface I will use it directly. Since posting I've come across the Qt Cryptographic Architecture (qca), which looks to be a better approach for me as I'm already developing in Qt.

Thanks again,
-Alan

On Wed, Jan 8, 2014 at 4:09 AM, Werner Koch w...@gnupg.org wrote:
> On Wed, 8 Jan 2014 00:30, alan.meek...@gmail.com said:
>
>> D (genkey (rsa (nbits 4096)))
>
> Use
>
>     D (genkey (rsa (nbits 4:4096)))
>
> to match the S-expression syntax. A leading digit denotes a length and thus you can't enter a number without its length. Yes, this is a common pitfall.
>
> Instead of socat, I suggest the use of gpg-connect-agent (which even features a simple script language). If gpg-agent is installed on a system, gpg-connect-agent is also available.
>
> As an alternative you may also use the Assuan interface of GPGME (see gpa/src/cardman.c for examples).
>
> Salam-Shalom,
>
>    Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.