AW: WINDOWS - Adding passphrase to gpg via command line

[Mike Kaufmann]

Hi Peter

Thanks for your answer!

Unfortunately I still receive the same errors when I set the passphrase param 
as hexstring in Windows Command Line:

ERR 67108992 Missing value 
ERR 67109139 Unknown IPC command 

See also the attached screenshot. Do you habe any other ideas? This tool seems 
not to be made for Windows OS :(

Regards
Mike

-Ursprüngliche Nachricht-
Von: Peter Lebbing [mailto:pe...@digitalbrains.com] 
Gesendet: Montag, 13. Juni 2016 20:15
An: Mike Kaufmann 
Cc: gnupg-users@gnupg.org
Betreff: Re: WINDOWS - Adding passphrase to gpg via command line

On 13/06/16 08:12, Mike Kaufmann wrote:
> Unfortunately when I start gpg-agent with the following command on 
> Windows Command Line gpg-connect-agent PRESET_PASSPHRASE 
> "74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A" -1 "MyPassphrase"
> 
> I receive the following errors:
> ERR 67108992 Missing value  ERR 67109139 Unknown IPC 
> command 

I think it's possible Werner was mistaken about the correct format of the 
command. Here, on Debian GNU/Linux with GnuPG 2.1.11 (Debian packages version 
2.1.11-7), the correct invocation appears to be different. However, so is the 
error message, oddly enough.

This is the help text for PRESET_PASSPHRASE:

> $ gpg-connect-agent
> > help preset_passphrase
> # PRESET_PASSPHRASE [--inquire]   
> [] # # Set the cached passphrase/PIN for the key identified 
> by the keygrip # to passwd for the given time, where -1 means infinite 
> and 0 means # the default (currently only a timeout of -1 is allowed, 
> which means # to never expire it).  If passwd is not provided, ask for 
> it via the # pinentry module unless --inquire is passed in which case 
> the passphrase # is retrieved from the client via a server inquire.
> OK

So it appears to take a hexstring, not a percent-escaped string. Indeed this is 
what happens (the passphrase is indeed "test", this is a test key, not my real 
key :-):

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 "test"
> ERR 67109144 IPC parameter error  - invalid hexstring
> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 test
> ERR 67109144 IPC parameter error  - invalid hexstring

Note it explicitly complains about the format, where on your invocation it's 
more ambiguous. This is a bit odd, if you ask me.

Now let's write "test" as hexadecimal ASCII:

> > preset_passphrase 2F677680CA15F6F7B963AF35822E8EC01FBF840A -1 
> > 74657374
> OK

And indeed the key is unlocked for use and could be used to sign some data.

So you could try this. I don't know what utility you'd use on Windows to easily 
get the hexadecimal. But to get the exact required input on a system like 
Linux, this will do so:

> $ echo -n "MyPassphrase" | hexdump -v -e '/1 "%02X"'; echo
> 4D7950617373706872617365

HTH,

Peter.

PS: On your replies, could you edit the Subject:-line to remove all the 
repeated strings of Re: or AW:?

PPS: I've never understood, by the way, why the people who write e-mail clients 
that translate those headers (Reply -> Antwort) don't implement some 
functionality to automatically prevent the madness of repeated headers in 
different languages. Your system even seems to repeat when it's in the same 
language? Here in The Netherlands, I also see stuff like "Re: Aw: Re: Aw: Re: 
the subject" come by. Really annoying, IMO.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

help - Libkcmutils.dll

[Brenda Hales]

Newbie here 😊 managed to set up my own key pair but can import other persons 
public key – get 3 fault messages all similar to title one.

And  utils.dll scanregw.errors 

Newbie totally lost ☹ 

Help most appreciated

Sent from Mail for Windows 10

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: WINDOWS - Adding passphrase to gpg via command line

[Peter Lebbing]

On 15/06/16 08:33, Mike Kaufmann wrote:
> See also the attached screenshot. Do you habe any other ideas?

You're missing some necessary quoting. Right now, you're sending four 
separate commands instead of a single command with three options!

gpg-connect-agent 'preset_passphrase 74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A 
-1 4D7950617373706872617365' /bye

should do the trick. Or if the Windows command line doesn't like 
quoting with apostrophes, you could do

gpg-connect-agent "preset_passphrase 74EC3FAA93CD49446EC6825C3EBEB2C336CCBE2A 
-1 4D7950617373706872617365" /bye

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: With colons: Where is my curve? (rsa+ecc mixed key)

[Guilhem Moulin]

On Tue, 14 Jun 2016 at 23:17:59 +0200, Werner Koch wrote:
> On Tue, 14 Jun 2016 14:11, manto...@vollbio.de said:
>> This key has been created as a more or less default 3k RSA key, and I added 
>> an
>> ECC encryption subkey with curve25519 after creation.
>> What I am missing is the curve field filled for the subkey.
> 
> Ooops.  Here is the fix I just pushed to the repo:

FWIW, the exact same fix I proposed on February 2nd in
<1454434791-31608-1-git-send-email-guil...@fripost.org> was overlooked
:-(  Good that it now landed to master, though.

-- 
Guilhem.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: AW: WINDOWS - Adding passphrase to gpg via command line

[Peter Lebbing]

Hi,

> Any further ideas? I am despairing slowly but surely...

When I purposely enter the wrong passphrase, the PRESET_PASSPHRASE
command succeeds, but subsequently the pinentry will pop up to prompt
for the correct passphrase when I try to do anything with the key.

So you might have a mistake in the passphrase?

You could create a test key and set its passphrase to be test, and
explicitly use the hexified version of the word test to try if it works
then, since we obviously can't tell you if you've made a mistake with
hexifying your real passphrase :-).

By the way, depending on your situation, it might not be worse to use
your key without a passphrase. Your key is encrypted when stored on disk
so that an attacker getting hold of the file doesn't yet have your key.
However, when you use gpg-preset-passphrase in a way that stores the
passphrase argument plainly on disk as well, the attacker can simply
read that file as well and decrypt your key. In such situations, the
encryption serves no purpose (other than to make you despair slowly but
surely). But in other situations, it can be more secure to use a
passphrase, so it all depends.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[Announce] Libgcrypt 1.7.1 released

[Werner Koch]

Hello!

The GnuPG Project is pleased to announce the availability of Libgcrypt
version 1.7.1.  This is a maintenace release.

Libgcrypt is a general purpose library of cryptographic building blocks.
It is originally based on code used by GnuPG.  It does not provide any
implementation of OpenPGP or other protocols.  Thorough understanding of
applied cryptography is required to use Libgcrypt.


Noteworthy changes in version 1.7.1
===

 * Bug fixes:

   - Fix ecc_verify for cofactor support.

   - Fix portability bug when using gcc with Solaris 9 SPARC.

   - Build fix for OpenBSD/amd64

   - Add OIDs to the Serpent ciphers.

 * Internal changes:

   - Use getrandom system call on Linux if available.

   - Blinding is now also used for RSA signature creation.

   - Changed names of debug envvars


Download


Source code is hosted at the GnuPG FTP server and its mirrors as listed
at https://gnupg.org/download/mirrors.html .  On the primary server
the source tarball and its digital signature are:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.bz2 (2776k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.bz2.sig

That file is bzip2 compressed.  A gzip compressed version is here:

 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.gz (3314k)
 ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.gz.sig

The same files are also available via HTTP:

 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.bz2 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.bz2.sig
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.gz 
 https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.1.tar.gz.sig

In order to check that the version of Libgcrypt you downloaded is an
original and unmodified file please follow the instructions found at
.  In short, you may
use one of the following methods:

 - Check the supplied OpenPGP signature.  For example to check the
   signature of the file libgcrypt-1.7.1.tar.bz2 you would use this
   command:

 gpg --verify libgcrypt-1.7.1.tar.bz2.sig libgcrypt-1.7.1.tar.bz2

   This checks whether the signature file matches the source file.  You
   should see a message indicating that the signature is good and made
   by one or more of the release signing keys. 

 - If you are not able to use GnuPG, you have to verify the SHA-1
   checksum:

 sha1sum libgcrypt-1.7.1.tar.bz2

   and check that the output matches the first line from the
   this list:

b688add52b622bb96bbd823ba21aa05a116d442f  libgcrypt-1.7.1.tar.bz2
7310ed270c3a98b74acb58bcc95a2b4f596417cb  libgcrypt-1.7.1.tar.gz

   You should also verify that the checksums above are authentic by
   matching them with copies of this announcement.  Those copies can be
   found at other mailing lists, web sites, and search engines.
   

Copying
===

Libgcrypt is distributed under the terms of the GNU Lesser General
Public License (LGPLv2.1+).  The helper programs as well as the
documentation are distributed under the terms of the GNU General Public
License (GPLv2+).  The file LICENSES has notices about contributions
that require that these additional notices are distributed.


Support
===

For help on developing with Libgcrypt you should read the included
manual and optional ask on the gcrypt-devel mailing list [1].  A
listing with commercial support offers for Libgcrypt and related
software is available at the GnuPG web site [2].

If you are a developer and you may need a certain feature for your
project, please do not hesitate to bring it to the gcrypt-devel
mailing list for discussion.

Maintenance and development of Libgcrypt is mostly financed by
donations; see .  We currently employ
3 full-time developers, one part-timer, and one contractor to work on
GnuPG and closely related software like Libgcrypt.


Thanks
==

We like to thank all the people who helped with this release, be it
testing, coding, translating, suggesting, auditing, administering the
servers, spreading the word, and answering questions on the mailing
lists.  Also many thanks to all our donors [3].


For the GnuPG hackers,

   Werner



p.s.
This is an announcement only mailing list.  Please send replies only to
the gcrypt-devel 'at' gnupg.org mailing list.


[1] https://lists.gnupg.org/mailman/listinfo/gcrypt-devel
[2] https://www.gnupg.org/service.html
[3] https://gnupg.org/donate/kudos.html
-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
/* EFH in Erkrath: https://alt-hochdahl.de/haus */


pgpLFNuHdKzHV.pgp
Description: PGP signature
___
Gnupg-announce mailing list
gnupg-annou...@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-announce___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Issue with PIVKey C910 PKI Smart Card

[Joshua Terrill]

Ah nevermind, looks like that card doesn't support PGP. I have a g10 card
coming in a few days. Hopefully that will work.

On Wed, Jun 15, 2016 at 1:48 PM, Joshua Terrill 
wrote:

> I just bought a SCM reader (
> https://www.amazon.com/gp/product/B002N3MM6W/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1)
> and PIVKey C910 PKI Smart Card (
> https://www.amazon.com/gp/product/B00SJV2CNK/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
> )
>
> I'm running Windows 10, and installed GPG from GPG4Win (
> https://www.gpg4win.org/)
>
> I'm looking at all these articles online that say you should be able to
> edit the card by typing in gpg --card-edit, but when I type that in, I get
> this:
>
> gpg: detected reader `SCM Microsystems Inc. SCR33x USB Smart Card Reader 0'
> Please insert the card and hit return or enter 'c' to cancel:
>
> So I've tried taking out the card, putting it back in, restarting the
> windows service in task manager, unplugging the reader, plugging it back
> in, etc. Nothing changes.
>
> When I try gpg2 --card-edit, I get gpg: OpenPGP card not available: Not
> supported.
>
> I am typing this in, in a windows command prompt running as administrator.
>
> Any suggestions? I'm trying to get some pgp keys onto the card and use it
> for decrypting, signing, etc.
>
> --
> Josh Terrill // developer
> 209-676-7334
>
>


-- 
Josh Terrill // developer
209-676-7334
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Issue with PIVKey C910 PKI Smart Card

[Joshua Terrill]

I just bought a SCM reader (
https://www.amazon.com/gp/product/B002N3MM6W/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1)
and PIVKey C910 PKI Smart Card (
https://www.amazon.com/gp/product/B00SJV2CNK/ref=oh_aui_detailpage_o00_s00?ie=UTF8&psc=1
)

I'm running Windows 10, and installed GPG from GPG4Win (
https://www.gpg4win.org/)

I'm looking at all these articles online that say you should be able to
edit the card by typing in gpg --card-edit, but when I type that in, I get
this:

gpg: detected reader `SCM Microsystems Inc. SCR33x USB Smart Card Reader 0'
Please insert the card and hit return or enter 'c' to cancel:

So I've tried taking out the card, putting it back in, restarting the
windows service in task manager, unplugging the reader, plugging it back
in, etc. Nothing changes.

When I try gpg2 --card-edit, I get gpg: OpenPGP card not available: Not
supported.

I am typing this in, in a windows command prompt running as administrator.

Any suggestions? I'm trying to get some pgp keys onto the card and use it
for decrypting, signing, etc.

-- 
Josh Terrill // developer
209-676-7334
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users