Re: :-(( Re: smart card no longer works

2016-09-09 Thread NIIBE Yutaka
On 09/09/2016 11:52 PM, Philip Jackson wrote:
>> Packaging in Debian had been changed.  Now scdaemon is in a package of
>> "scdaemon" (used to be in "gnupg2" package).
>>
> 
> I have now installed the missing scdaemon deb package and that makes a
> big improvement as far as gpg2 is concerned.
> 
> Both gpg and gpg2 --card-status return essentially the same data which
> looks good.

Good.

> gpg: public key decryption failed: Operation cancelled
> gpg: decryption failed: No secret key
> 
> Since in my first attempts, the pinentry window which came up was
> anonymous, I supposed there might be a problem with the choice of
> pinentry.  So I put "pinentry-program /usr/bin/pinentry-gtk-2" into the
> gpg-agent.conf file.
> 
> The pinentry dialogue is no longer anonymous, it does say
> pinentry-gtk-2, but the result is the same, no decrypt.

I don't have any experience with this error behavior.  Please describe
the situation and the interaction: did you input the passphrase and push
the [OK] button, and then gpg failed?

Please try again with pinentry-curses and/or pinentry-tty.  Does it work?
-- 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


RE: Keybase integration with GnuPG?

2016-09-09 Thread Robert J. Hansen
> Are there any current plans to integrate Keybase.io into GnuPG at some
> point in the future?

(ObWarning: I am not a GnuPG developer.)

I think this is unlikely to occur.  Werner's spoken out pretty strongly
against the keybase.io model, which relies heavily on social media outlets
like Facebook to provide confidence in an identity.  However, few people in
the privacy community like or trust Facebook, which makes relying on
something like keybase.io problematic -- it looks too much like GnuPG is
encouraging the use of a platform (FB) that it's philosophically opposed to.

The counterargument is that keybase.io works just fine with several other
back-ends which are more respecting of privacy -- and if a user wishes to
trust FB, why should GnuPG refuse to honor that user's choice?






Keybase integration with GnuPG?

2016-09-09 Thread Anthony Papillion

Are there any current plans to integrate Keybase.io into GnuPG at some
point in the future? In my mind, doing so might present a bit stronger
validation than TOFU and a lot easier use to newbies than the WoT,
which is pretty much useless if the person is new to PGP.

Thanks,
Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
C5CE E687 DDC2 D12B 9063  56EA 028A DF74 53B0 4B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP/Jabber:cajunt...@dukgo.com
VoIP/SIP:   1259...@localphone.com





Re: :-(( Re: smart card no longer works

2016-09-09 Thread Philip Jackson
On 09/09/16 06:16, NIIBE Yutaka wrote:
> On 09/09/2016 05:21 AM, Robert J. Hansen wrote:
>>> The last I checked, Ubuntu's stock install did not include smartcard
>> drivers.

> 
> Please use the standard scdaemon from GnuPG.

> PC/SC service is optional.  In-stock CCID driver of GnuPG just works
> well in most cases.  Only when it doesn't work, please try
> to install pcscd and libpcsclite1.

As I recall, in Ubuntu 14.04 I just used the in-stock driver in gnupg.

> Packaging in Debian had been changed.  Now scdaemon is in a package of
> "scdaemon" (used to be in "gnupg2" package).
> 

I have now installed the missing scdaemon deb package and that makes a
big improvement as far as gpg2 is concerned.

Both gpg and gpg2 --card-status return essentially the same data which
looks good.

For decrypting a file, both gpg and "gpg2 -o output_file -d
input_file.gpg" fail with the same message :


gpg: public key is 0x79D467BFF5DF6C91
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key 0x26BD500A23543A63
gpg: using subkey 0x79D467BFF5DF6C91 instead of primary key 0x26BD500A23543A63
gpg: encrypted with 2048-bit RSA key, ID 0x79D467BFF5DF6C91, created 2014-10-28
  "Philip Jackson (Jan 2013 +) "
gpg: public key decryption failed: Operation cancelled
gpg: decryption failed: No secret key

Since in my first attempts, the pinentry window which came up was
anonymous, I supposed there might be a problem with the choice of
pinentry.  So I put "pinentry-program /usr/bin/pinentry-gtk-2" into the
gpg-agent.conf file.

The pinentry dialogue is no longer anonymous, it does say
pinentry-gtk-2, but the result is the same, no decrypt.

Philip




Re: gpg-agent only works when started in terminal

2016-09-09 Thread Stephan Beck
Hi Antony,

just some ideas to (possibly) track it down...

Antony Prince:
> I know this has got to be something simple. When invoking gpg2 normally
> to decrypt, I get:
> 
> gpg: encrypted with 4096-bit RSA key, ID 0E98CD22ADB13E99, created
> 2015-05-06
>   "Antony Prince "
> gpg: public key decryption failed: No pinentry
> gpg: decryption failed: No secret key

AFAIK, this means that the agent is not started when you "invoke gpg2
normally" (directly from the command line?), so the environment may be
incorrectly set. Or is there more than one agent instance running?
What does

    gpg-agent --daemon --write-env-file

output in terms of GPG_AGENT_INFO?
Is the correct socket being used?
> 
> I have pinentry-program set properly in ~/.gnupg/gpg-agent.conf.

And you symlinked /usr/bin/pinentry and the pinentry you might actually use?
> 
> If I do:
> 
> killall gpg-agent
> gpg-agent --daemon /bin/sh
> 
> The pinentry appears as it should and all is fine.

Yes, because using --daemon /bin/sh the environment is reset.

Stebe

> I also have:
> 
> GPG_TTY=$(tty)
> export GPG_TTY
> 
> set in ~/.bashrc as I saw that mentioned somewhere as well.
> 
> agent info:
> gpg-agent[14849]: gpg-agent (GnuPG) 2.1.15 started
> 
> gpg info:
> antony@050415:~$ gpg2 --version
> gpg (GnuPG) 2.1.15
> libgcrypt 1.7.3
> Copyright (C) 2016 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> 
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: /home/antony/.gnupg
> Supported algorithms:
> Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> If anyone has any ideas, I'm all for them.
> 
> 
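
Added example, not part of any message in these threads: a small shell check of the two settings discussed above, the pinentry-program line in gpg-agent.conf and the GPG_TTY variable. The function names are illustrative, and the use of the last pinentry-program line when several are present is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the pinentry settings
# that gpg-agent relies on. Function names are illustrative.

# Print the pinentry-program value from a gpg-agent.conf; commented
# lines are skipped. If the option appears more than once, the last
# value is reported (assumption).
pinentry_from_conf() {
    [ -r "$1" ] || return 0
    awk 'NF >= 2 && $1 == "pinentry-program" {
             sub(/^[ \t]*pinentry-program[ \t]+/, ""); p = $0
         }
         END { if (p != "") print p }' "$1"
}

# Classify a configured pinentry path:
# unset, missing (no such regular file), not-executable or ok.
check_pinentry() {
    if   [ -z "$1" ];   then echo "unset"
    elif [ ! -f "$1" ]; then echo "missing"
    elif [ ! -x "$1" ]; then echo "not-executable"
    else                     echo "ok"
    fi
}

# Classify a GPG_TTY value: unset, stale (not a character device) or ok.
check_gpg_tty() {
    if   [ -z "$1" ];   then echo "unset"
    elif [ ! -c "$1" ]; then echo "stale"
    else                     echo "ok"
    fi
}

# Report on one config file and one GPG_TTY value.
diagnose() {
    prog=$(pinentry_from_conf "$1")
    echo "config file:      $1"
    echo "pinentry-program: ${prog:-<not set>} ($(check_pinentry "$prog"))"
    echo "GPG_TTY:          ${2:-<not set>} ($(check_gpg_tty "$2"))"
}

diagnose "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" "${GPG_TTY:-}"
```

Run it once in the terminal where decryption works and once in the session where it fails, then compare the two reports.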
