Re: GnuPG 2.1.0: --refresh-keys regression
On Tue, 11 Nov 2014 23:49, ara...@aixah.de said: One of the changes introduced with GnuPG 2.1 -- namely, using dirmngr for key retrieval -- has caused some problems for me. First of all, I'm Thanks for reporting. I am already aware of it asdkg already reported that a few days ago. I assume keymngr should handle this in a better way (or is it wrong for the keyservers to deny such requests?) It is simply a bug. dirmngr also seems to have problems with hkps certificate checking for keyserver addresses with round-robin DNS, but I need to examine this further before I can provide details. Did you put an hkp-cacert FILE into dirmngr.conf ? Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.1.0 modern released
On Tue, 11 Nov 2014 21:00, mailing-li...@asatiifm.net said: I really have no rush with this. Just debugging for others and happily using the stable branch. Thanks for explaining. I can dig into this myself at some point. It’s also possible whoever is maintaining the homebrew repo for gnupg might solve the issue and push an update there. It seems that there is a conflict between different build systems. Which is not not surprising. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECDSA vs EDDSA
On 10/11/14 17:31, Werner Koch wrote: Which is used in 2.1: That's great to hear, just like it is in general pretty great you got to release a major new version! Congratulations! After browsing a bit in the source, I conclude that RFC 6979 is used for both classic DSA and ECDSA; something not immediately apparent from the commit message when you don't know the code. After reading parts of the Ed25519 specification[1], given the way they formulate it there, I was left with the impression that ECDSA is necessarily bound to real randomness. I completely forgot that RFC 6979 is cleverly designed to be a drop-in replacement with no changes needed on the receiving side. With Pete Stephenson also rightly calling out my wrong statement on the Brainpool curves, I've come to regret my too hastily written reply. I should have checked my statements. I already had enough doubt to qualify my statement with and (I believe also) Brainpool. There is enough FUD out there without me adding to that :(. But I'm glad people were quick to point out my factual errors. Thanks! Peter. [1] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B. Yang, High-speed high-security signatures, Journal of Cryptographic Engineering Volume 2, Issue 2, pp. 77-89, September 2011, http://dx.doi.org/10.1007/s13389-012-0027-1. PS: Is there a better way to say classic DSA? What about ElGamal-style DSA? -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECDSA vs EDDSA
On Wed, 12 Nov 2014 14:28, pe...@digitalbrains.com said: After browsing a bit in the source, I conclude that RFC 6979 is used for both classic DSA and ECDSA; something not immediately apparent from the commit message when you don't know the code. Right. And actually it can also be used for 2.0. This requires a runtime check for the libgcrypt version and to add the rfc6979 flag for libgcrypt 1.6. In 2.0 we have use this in g10/pkglue.c: if (gcry_sexp_build (s_hash, NULL, %m, hash)) BUG (); /* gcry_sexp_build should never fail. */ it needs to be replaced with something like if (gcry_check_version (1.6.0) { err = gcry_sexp_build (hash, NULL, (data (flags rfc6979) (hash %s %b)), rfc6979_hash_algo_string (mdlen), (int)mdlen, md); } else err = gcry_sexp_build (s_hash, NULL, %m, hash); but the callers of that pk_sign function need to provide the hash algorithm as well. Thus more than a few lines need to be changed. it would be useful to have this for plain DSA, though. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG 2.1.0/Win32: keyserver lookup problems
If your system is trying to write to the Program Files directory, look in the VirtualStore. This can be found at This turned out to be exactly it. Thank you, Michael: this was driving me up the wall and making me wonder if I'd been hallucinating. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ECDSA vs EDDSA
There is enough FUD out there without me adding to that :(. Everybody makes a braino sooner or later. God knows I have my own litany of them. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Unsubscribing temporarily
Hi, for health reasons I am unsubscribing for the time being. I shall subscribe again in due time. My apologies to the list. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1 and Mailpile (LWN comments) about GPGME
On Tue, Nov 11, 2014 at 2:21 PM, Bernhard Reiter bernh...@intevation.de wrote: In https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html the Mailpile developers would like to replace GnuPG with something better and for the short term propose to extend GnuPG with a command line JSON interface in the short term. I've commented the article under the LWN news about GnuPG 2.1.0 release https://lwn.net/Articles/619337/ as following: I actually disagree with the assumption here. The --with-colons --command-fd --status-fd interface has been remarkably stable. The last major incompatible change was in 1.4.9 and 2.0.11 when the order in which subkey algorithms were presented was changed. Other than that, it is an incredibly well-designed an easy to parse interface. The only way in which it can trip you up is that you need to keep a careful watch on whether you are expecting further data from gpg or not. The stability and utility of this interface is one of my favourite aspects of the gnupg project, and I really admire Werner for his work here. Nicholas ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1.0 Merging secret key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 11 November 2014 at 2:12:17 PM, in mid:54621941.5040...@mustrum.net, Mustrum wrote: Hi all, I'm merging one of my 'old' sub-key into another key-pair. It kept the same keygrip but got a new ID/fingerprint. How can I use that new subkey to decrypt something encrypted to my 'old' subkey ? My guess would be the option --try-secret-key name where name might be the subkey's new ID followed by an exclamation mark. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net If you save the world too often, it begins to expect it -BEGIN PGP SIGNATURE- iQF8BAEBCgBmBQJUY+NqXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwDUgIALL9+7vMnaRGI0qryxZylU6W UQYA5cWF8cFCT0ZkWACXSHO+AL4Qi7+06z7f3ktEEy06SraW/c66LHZaGg4lwnBp htYhSwzsDs6PZNiNVW+CMtIBqX3Y3exrHLqTsIGKrNNTemJP2OdFIPJ1vYFqd0KE Fvg098LlPRKhrfNGLr4v6olVNfBFP4Xzp5mYL7WGUMR2ViAG9Ch8loJET6J7yjJt 0zAt0i7pDKrVwx9zzkZfg4mTaaL0nIF/R/zB5Pt3dVFPYXoEc7OEZ5ncjrrYVjT6 IMdzfDM7ST21GadDJgd1tJHnhWcHGu/kF64UmsmzGQ0df4NNZ+6AWYvjWfGaing= =DyUI -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Unsubscribing temporarily
On 12/11/14 15:20, Charly Avital wrote: Hi, for health reasons I am unsubscribing for the time being. I shall subscribe again in due time. My apologies to the list. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users Charly, No need to apologize. Just sign up again when you are better. And, I hope and am convinced, that I can speak for the whole list/team, we wish you all the best and hope you get well soon. All the best. Regards, Tristan -- Tristan Santore BSc MBCS TS4523-RIPE Network and Infrastructure Operations InterNexusConnect Mobile +44-78-55069812 tristan.sant...@internexusconnect.net Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust) For Fedora related issues, please email me at: tsant...@fedoraproject.org ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users