Re: setting env vars for gpg-agent

2014-09-14 Thread Werner Koch
On Sat, 13 Sep 2014 22:02, ricu...@gmail.com said:
> After gpg-agent stopped to work for ssh auth from OpenPGP smartcard
> after some ubuntu upgrade a while back, I launch it and set the env
> variables in ~/.bashrc.

I suggest to launch gpg-agent on the fly: Add

use-standard-socket

to ~/.gnupg/gpg-agent.conf and remove all settings of GPG_AGENT_INFO.  I
use this in my ~/.bashrc :

--8<---------------cut here---------------start------------->8---
# If running interactively, then:
if [ -n "$PS1" ]; then

  # Setup information required by GnuPG and ssh.  We use the standard
  # socket in GnuPG's homedir, thus there is no need for an
  # environment variable.  We reset any left over envvar.
  # SSH_AGENT_PID should not be set either because it is only used to
  # kill ssh-agent (option -k) but we don't want this to kill
  # gpg-agent.  Because ssh does not know about GnuPG's homedir we
  # need to set its envvar to gpg-agent's ssh socket.  GPG_TTY needs
  # to be set to the current TTY.  The extra test is used to avoid
  # setting SSH_AUTH_SOCK if gpg-agent has been started with the
  # shell on the command line (often used for testing).
  unset GPG_AGENT_INFO
  unset SSH_AGENT_PID
  if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"
  fi
fi

export GPG_TTY=$(tty)
--8<---------------cut here---------------end--------------->8---

If you want to use gpg-agent's ssh-agent implementation, you need to make
sure that gpg-agent is started (because ssh does not know how to start
gpg-agent).  You may do this with gpg-connect-agent /bye

This works since 2.0.16 released 4 years ago.  Recent veNote that if you
have ~/.gnupg on some remote file system, this may not work.



Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Help about GnuPG 1.4.9

2014-09-14 Thread bonn...@sanboa.info

Hello,

I'm a completely new possible user of macgpg.
I want to use it but some security questions are not resolved:
I've a Mac with Mac OS 10.5.8 Intel Core 2 duo with AppleMail 3.6 and  
want to download the free software.


I came across this site: http://macgpg.sourceforge.net/fr/index.html
which offers this for download:
GNU Privacy Guard - for Mac OS X 10.1 (and later)
For Mac OS X 10.4.x and newer
GnuPG v2.x, now a separate project.
1.4.9, MD5: 36d9eb482a98774521bfd7bb73e4ad06
I've chosen 1.4.9

The link is : 
http://sourceforge.net/projects/macgpg/files/GnuPG%20for%20OS%20X/1.4.9/GnuPG1.4.9.dmg/download?use_mirror=garrdownload=

But afterwards I read: Never use a GnuPG version you just downloaded
to check the integrity of the source - use an existing GnuPG
installation.

on : https://www.gnupg.org/download/integrity_check.html
and that's the problem for me :
how can I know if the software downloaded is secure or not ?

I followed the advice:
gpg --verify 1.4.9
sha1sum 1.4.9
etc., on Terminal.app

but the correct MD5 sequence of numbers and letters never appeared!
history:
'openssl md5 [nomDeFichier]'Last login: Sun Aug 16 17:52:58 on console
Ordinateur-839:~ alain1$ 'openssl md5 [/Users/alain1/Desktop/ 
GnuPG1.4.9.dmg ]'-bash: openssl md5 [/Users/alain1/Desktop/ 
GnuPG1.4.9.dmg ]: No such file or directory

Ordinateur-839:~ alain1$ 'openssl md5 [GnuPG1.4.9]'
-bash: openssl md5 [GnuPG1.4.9]: command not found
Ordinateur-839:~ alain1$ openssl md5 [/Users/alain1/Desktop/ 
GnuPG1.4.9.dmg]'
 'openssl md5 [/Volumes/GnuPG\ Mac\ OS\ X\ 1.4.9/GnuPG\ for\ Mac\ OS 
\ X\ 1.4.9.mpkg ]'

 openssl md5 1.4.9
 sha1sum /Volumes/GnuPG\ Mac\ OS\ X\ 1.4.9/GnuPG\ for\ Mac\ OS\ X\  
1.4.9.mpkg

 sha1sum 1.4.9
 sha1sum/Volumes/GnuPG\ Mac\ OS\ X\ 1.4.9
 sha1sum /Users/alain1/Desktop/GnuPG1.4.9.dmg
 sha1sum 1.4.9
 sha1sum GnuPG1.4.9.dmg
 openssl md5 GnuPG1.4.9.dmg
 openssl md5 GnuPG Mac OS X 1.4.9
 openssl md5 [GnuPG Mac OS X 1.4.9]
 gpg --verify /Volumes/GnuPG\ Mac\ OS\ X\ 1.4.9
 gpg --verify 1.4.9
 openssl md5 GnuPG 1.4.9
 'openssl md5 [/Users/alain1/Desktop/GnuPG1.4.9.dmg]'
 openssl md5 [/Users/alain1/Desktop/GnuPG1.4.9.dmg]
 sha1sum /Volumes/GnuPG\ Mac\ OS\ X\ 1.4.9
 sha1sum GnuPG1.4.9.dmg
 sha1sum GnuPG Mac OS X 1.4.9
 sha1sum 1.4.9

 Thus, my second question :
With which application can I check that the software downloaded is  
secure (writing openssl md5…)

or
In which Web site can I download a secure GnuPG1.4.9.dmg ? Does it  
compulsorily begin with https ?


Third question :
Do I have to put the software into the Applications folder to install
it?


Last question:
Does this software work with AppleMail 3.6?

Thanks for your answers.
And excuse my lack of knowledge of software...

Leon65




encrypting to expired certificates

2014-09-14 Thread Hauke Laging
Hello,

after filing a bug report for my mail client because it does not allow 
me to encrypt to an expired certificate (neither does Enigmail) I was 
surprised to notice that I didn't manage to encrypt to an expired 
certificate with gpg in the console (2.0.22).

Is this not possible (what about gpgme?) or am I just not aware of how 
to get that done?

I would consider not being able to encrypt to an expired key a severe 
security flaw because it may force the sender to send the message 
unencrypted. It is OK to warn the user but it must be possible to 
override this warning. Expiration is not a security problem (let alone a 
severe one).

It does not even work with --encrypt-to. And the man page says about 
this command:

No trust checking is performed for these user ids and even disabled 
keys can be used.

Non-valid keys are OK, disabled keys are OK but the least severe case 
expiration is not OK?


Hauke
-- 
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

