Re: Houston, we have a problem
On Fri, 22 Sep 2017 at 22:32:37 +0200, Kristian Fiskerstrand wrote:
> And what happens if you do gpg --import-options import-clean --recv-key
> ? is the bad MPI value sigs removed or still there in that case?

Should be `gpg --keyserver-options import-clean --recv-key $keyid`; or alternatively, `gpg --edit-key $keyid clean save` if you want to do it offline. Both commands removes these “Bad MPI value” sigs here (2.2.1), and `--check-sigs` reports that all remaining signatures are indeed valid.

--
Guilhem.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
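The `--check-sigs` verdicts discussed in the message above can be tallied by a script before and after cleaning a key. This is an added example, not part of the original thread and not GnuPG project code: it reads the `--with-colons` form of the `--check-sigs` listing and counts signatures by the validity flag in field 2. The key IDs, names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example: tally how gpg judged each signature on one key.
# Real use:  gpg --with-colons --check-sigs "$keyid" | summarise_sigs
#
# In colon output, field 2 of a "sig"/"rev" record starts with:
#   !  signature good           -  signature bad
#   ?  no public key to check   %  error while checking (e.g. bad MPI value)

# Constructed sample (hypothetical key IDs and names, trailing fields trimmed):
# three good signatures and two that failed with an error, as in the thread.
sample_colons() {
    cat <<'EOF'
pub:-:2048:1:AAAAAAAAAAAAAAAA:1506038400:::-:::scESC:
uid:-::::1506038400::::Erika Example <erika@example.org>:
sig:!::1:AAAAAAAAAAAAAAAA:1506038400::::Erika Example <erika@example.org>:13x:
sig:!::1:BBBBBBBBBBBBBBBB:1506038500::::Alice Example <alice@example.org>:10x:
sig:!::1:CCCCCCCCCCCCCCCC:1506038600::::Bob Example <bob@example.org>:10x:
sig:%::1:DDDDDDDDDDDDDDDD:1506038700::::Carol Example <carol@example.org>:13x:
sig:%::1:EEEEEEEEEEEEEEEE:1506038800::::Dave Example <dave@example.org>:13x:
EOF
}

# Print one summary line, then one line per signature that did not verify.
summarise_sigs() {
    awk -F: '
        $1 == "pub" { key = $5 }
        $1 == "sig" || $1 == "rev" {
            flag = substr($2, 1, 1)
            if      (flag == "!") good++
            else if (flag == "-") bad++
            else if (flag == "%") err++
            else if (flag == "?") nokey++
            else                  unchecked++   # listing made without --check-sigs
            if (flag == "-" || flag == "%")
                suspect = suspect sprintf("suspect %s class=%s flag=%s\n", $5, $11, flag)
        }
        END {
            printf "key=%s good=%d bad=%d error=%d nokey=%d unchecked=%d\n",
                   key, good, bad, err, nokey, unchecked
            printf "%s", suspect
        }'
}

# Exit status 0 when no listed signature is bad or errored, 1 otherwise.
# A signature whose signer key is simply missing locally ("?") does not fail.
sigs_all_verifiable() {
    awk -F: '($1 == "sig" || $1 == "rev") && $2 ~ /^[-%]/ { n++ }
             END { exit (n > 0) }'
}

# Stand-alone run on the constructed sample.
sample_colons | summarise_sigs
```

Running the same pipeline again after `gpg --edit-key $keyid clean save` shows whether the errored signatures are gone.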
Re: Houston, we have a problem
On Fri, 22 Sep 2017 23:16:55 +0200, Guilhem Moulin wrote:
> On Fri, 22 Sep 2017 at 22:32:37 +0200, Kristian Fiskerstrand wrote:
> > And what happens if you do gpg --import-options import-clean
> > --recv-key ? is the bad MPI value sigs removed or still there in
> > that case?
>
> Should be `gpg --keyserver-options import-clean --recv-key $keyid`; or
> alternatively, `gpg --edit-key $keyid clean save` if you want to do it
> offline. Both commands removes these “Bad MPI value” sigs here
> (2.2.1), and `--check-sigs` reports that all remaining signatures are
> indeed valid.

That did the trick. Thanks a lot! :-)

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: Houston, we have a problem
On Fri, 22 Sep 2017 22:52:13 +0200, Kristian Fiskerstrand wrote:
> On 09/22/2017 10:48 PM, Stefan Claas wrote:
> > On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote:
> >
> >>> And in place of the fake sigs it says erroneous MPI value. :-)
> >>
> >> And what happens if you do gpg --import-options import-clean
> >> --recv-key ? is the bad MPI value sigs removed or still there in
> >> that case?
> >
> > Unfortunately still there.
>
> Well, it doesn't really do anything, as the signature will be checked
> when calculating the trust database for the web of trust, but indeed,
> need to use --check-sigs explicitly in your use case then.

O.k. and thanks a lot for your help!

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: Houston, we have a problem
On 09/22/2017 10:48 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote:
>>> And in place of the fake sigs it says erroneous MPI value. :-)
>>
>> And what happens if you do gpg --import-options import-clean
>> --recv-key ? is the bad MPI value sigs removed or still there in that
>> case?
>
> Unfortunately still there.

Well, it doesn't really do anything, as the signature will be checked when calculating the trust database for the web of trust, but indeed, need to use --check-sigs explicitly in your use case then.

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Potius sero quam numquam
Better late then never
Re: Houston, we have a problem
On Fri, 22 Sep 2017 22:32:37 +0200, Kristian Fiskerstrand wrote:
> On 09/22/2017 10:29 PM, Stefan Claas wrote:
> > On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote:
> >> On 09/22/2017 10:08 PM, Stefan Claas wrote:
> >>> Thanks for the information! Can you tell me please how to import
> >>> a pub key with a local client, so that invalid data get's removed
> >>> automatically? When doing a gpg --receive-key key-id the fake data
> >>> is not removed.
> >>
> >> What does gpg --check-sigs report?
> >
> > Ah... it reports (in german) 3 correct sigs and 2 not checked
> > because of errors.
> >
> > And in place of the fake sigs it says erroneous MPI value. :-)
>
> And what happens if you do gpg --import-options import-clean
> --recv-key ? is the bad MPI value sigs removed or still there in that
> case?

Unfortunately still there.

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
gpg-agent UI when waiting for smart card touch?
Hi,

I'm using gpg-agent with Yubikeys configured to require a physical touch before performing operations. Is there any way to get gpg-agent to display something on screen when it's waiting for me to touch the Yubikey? (Otherwise, I sometimes don't realize it's waiting for anything, and the operation times out.)

--
Freelance cyber security consultant, software developer, and more
https://david.mandelberg.org/
Re: Houston, we have a problem
On 09/22/2017 10:29 PM, Stefan Claas wrote:
> On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote:
>> On 09/22/2017 10:08 PM, Stefan Claas wrote:
>>> Thanks for the information! Can you tell me please how to import
>>> a pub key with a local client, so that invalid data get's removed
>>> automatically? When doing a gpg --receive-key key-id the fake data
>>> is not removed.
>>
>> What does gpg --check-sigs report?
>
> Ah... it reports (in german) 3 correct sigs and 2 not checked because of
> errors.
>
> And in place of the fake sigs it says erroneous MPI value. :-)

And what happens if you do gpg --import-options import-clean --recv-key ? is the bad MPI value sigs removed or still there in that case?

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Veni, vidi, vacatum
I came, I saw, I left
Houston, we have a problem
On Fri, 22 Sep 2017 22:17:17 +0200, Kristian Fiskerstrand wrote:
> On 09/22/2017 10:08 PM, Stefan Claas wrote:
> > Thanks for the information! Can you tell me please how to import
> > a pub key with a local client, so that invalid data get's removed
> > automatically? When doing a gpg --receive-key key-id the fake data
> > is not removed.
>
> What does gpg --check-sigs report?

Ah... it reports (in german) 3 correct sigs and 2 not checked because of errors.

And in place of the fake sigs it says erroneous MPI value. :-)

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: gpg 2.1.19 fails to generate key pair
it works with:

phablet@ubuntu-phablet-bq:~$ ./gpg2.sh --version
gpg-agent[28499]: enabled debug flags: mpi crypto memory cache memstat hashing ipc
gpg-agent: a gpg-agent is already running - not starting a new one
gpg-agent: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0 outmix=0 getlvl1=0/0 getlvl2=0/0
gpg-agent: secmem usage: 0/32768 bytes in 0 blocks
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1
...
phablet@ubuntu-phablet-bq:~$ ~/gpg2.sh --full-generate-key
...
┌──┐
│ Please re-enter this passphrase │
│ │
│ Passphrase: ***_ │
│ │
│ │
└──┘
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/phablet/.gnupg/trustdb.gpg: trustdb created
gpg: key 3FECB79DDDA409E4 marked as ultimately trusted
gpg: directory '/home/phablet/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/phablet/.gnupg/openpgp-revocs.d/41E0B3688FDD76C9337ECD873FECB79DDDA409E4.rev'
public and secret key created and signed.

pub rsa2048 2017-09-22 [SC]
    41E0B3688FDD76C9337ECD873FECB79DDDA409E4
uid Matthias Apitz (test)
sub rsa2048 2017-09-22 [E]

--
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Re: Houston, we have a problem
On 09/22/2017 10:08 PM, Stefan Claas wrote:
> Thanks for the information! Can you tell me please how to import
> a pub key with a local client, so that invalid data get's removed
> automatically? When doing a gpg --receive-key key-id the fake data
> is not removed.

What does gpg --check-sigs report?

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Primum ego, tum ego, deinde ego
First I, then I, thereafter I.
Re: automatic conversion from keyring to keybox files?
On Thu 2017-09-21 23:47:14 +0100, MFPA wrote:
> Now that the upgrade path for GnuPG 2.0.x users is to 2.2.x versions,
> will be there any automatic conversion from keyring to keybox files,
> either offered by the installer or available as a command?

On debian systems, you can run:

    migrate-pubring-from-classic-gpg

And it should handle things sanely.

--dkg
Re: Houston, we have a problem
On Fri, 22 Sep 2017 21:44:06 +0200, Kristian Fiskerstrand wrote:
> On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote:
> > So all is as it is supposed to be
>
> Just to add, the alternative if not considering WoT is a direct
> validation structure, a user in this case should only (locally) sign
> keyblock information of communication peers after a direct fingerprint
> exchange in person, that removes any need for adding ownertrust to
> keys not your own and simplifies the model.

Good points, thanks!

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: Houston, we have a problem
On Fri, 22 Sep 2017 21:40:41 +0200, Kristian Fiskerstrand wrote:
> On 09/22/2017 09:34 PM, Stefan Claas wrote:
> >>> O.k. i just tested a bit and this is a bug int the Web Interface
> >>> and in GnuPG's CLI Interface.
> >> I don't see a bug here.
> > Now i am a bit confused... Then maybe a "funny" design flaw? I mean
> > what should users unfamiliar with the whole WoT procedure may
> > think when seeing a fake "sig3" (which they may not spot) and then
> > clicking on the key-id in question, which then links to the original
> > key?
> >
>
> No, its not a design flaw, it is valid design. OpenPGP keyblock
> information is based on an object based security model where packets
> are added, but don't carry any meaning until the signature has been
> verified. The public keyserver network is by design not a trusted
> third party, and can not be, so keyblock needs to be imported using a
> local client at which point invalid data, including invalid
> signatures, results in discarding of the data, which would filter out
> the signature in this case.
>
> So all is as it is supposed to be

Thanks for the information! Can you tell me please how to import a pub key with a local client, so that invalid data get's removed automatically? When doing a gpg --receive-key key-id the fake data is not removed.

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: Houston, we have a problem
On 09/22/2017 09:40 PM, Kristian Fiskerstrand wrote:
> So all is as it is supposed to be

Just to add, the alternative if not considering WoT is a direct validation structure, a user in this case should only (locally) sign keyblock information of communication peers after a direct fingerprint exchange in person, that removes any need for adding ownertrust to keys not your own and simplifies the model.

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Nunc aut numquam
Now or never
Re: Houston, we have a problem
On 09/22/2017 09:34 PM, Stefan Claas wrote:
>>> O.k. i just tested a bit and this is a bug int the Web Interface
>>> and in GnuPG's CLI Interface.
>> I don't see a bug here.
> Now i am a bit confused... Then maybe a "funny" design flaw? I mean
> what should users unfamiliar with the whole WoT procedure may
> think when seeing a fake "sig3" (which they may not spot) and then
> clicking on the key-id in question, which then links to the original
> key?
>

No, its not a design flaw, it is valid design. OpenPGP keyblock information is based on an object based security model where packets are added, but don't carry any meaning until the signature has been verified. The public keyserver network is by design not a trusted third party, and can not be, so keyblock needs to be imported using a local client at which point invalid data, including invalid signatures, results in discarding of the data, which would filter out the signature in this case.

So all is as it is supposed to be

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"By three methods we may learn wisdom: First, by reflection, which is noblest; Second, by imitation, which is easiest; and third by experience, which is the bitterest." (Confucius)
Re: Houston, we have a problem
On Fri, 22 Sep 2017 20:29:07 +0200, Werner Koch wrote:
> On Fri, 22 Sep 2017 19:23, stefan.cl...@posteo.de said:
>
> > O.k. i just tested a bit and this is a bug int the Web Interface
> > and in GnuPG's CLI Interface.
>
> I don't see a bug here.

Now i am a bit confused... Then maybe a "funny" design flaw? I mean what should users unfamiliar with the whole WoT procedure may think when seeing a fake "sig3" (which they may not spot) and then clicking on the key-id in question, which then links to the original key?

> However, given that you use Posteo, you are in the good position to
> use the Web Key Directory feature. This requires 2.2.1 because we
> had to add some workaround for key upload due to changes at Posteo
> which we didn't caught earlier. So people sending mail to you using
> a GnuPG 2.2 would find your key instantly. It is not there right now:
>
> /usr/local/libexec/gpg-wks-client -v --check stefan.claas at posteo
> de gpg-wks-client: public key for 'stefan.cl...@posteo.de' NOT found
> via WKD

Well, as i mentioned previously i have have no longer access to my key, due to my stupidness. I may consider to create a new one for posteo usage, but this may take a while.

> You may use the latest Enigmail or Kmail to automate the upload but
> you can also use Posteo's Web interface to upload the key. But take
> care: Posteo does not allow a Name in the user id, only the mail
> address (addr-spec) is allowed. Thus you need to add a second user
> id with just your mailaddress and use gpg's filter stuff to export
> only that UID. GnuPG 2.2.1 automates that tasks and creates another
> user if needed.
>
> If you want to test this feature you may send a mail to clara.chefin
> at posteo de, which is a test account of us. (You can also write to
> the owner of Posteo to ask him why they still have an invalid
> certificate for posteo.net addresses ;-).

O.k thanks for the info. When time permits i will check this out.

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
Re: gpg 2.1.19 fails to generate key pair
On Friday, September 22, 2017 at 08:19:14 p.m. +0200, Werner Koch wrote:
> On Fri, 22 Sep 2017 17:24, g...@unixarea.de said:
>
> > I instructed via gpg-agent.conf the gpg-agent to do a debug log which
> > follows. The proc gpg-agent crashes with SIG_BUS.
>
> That is why you see and EOF error from gpg.
>

I can imagine. That's why I attached the log of the gpg-agent.

> We did a few more release after 2.1.19, which was released on March 1.
> Not all fixed bugs are noted in the NEWS and it is also possible that
> the SIGBUS comes from Libgcrypt. (run gpg-agent --version to see the
> version of Libgcrypt).
>
> Please first try to build with a recent version (2.2.1 is current but
> 2.1.23 should be okay) and the latest version of the respective
> Libgcrypt branch. That would be easier for us than to try to figure out
> a bug we might have already fixed.

Ok. I will update to the most recent version. Btw: libcrypt is 1.7.0.

> What OS and which platform are you using? I assume it is a BSD (or
> Plan-9 ;-).

No, wrong guess in this case. It is:

phablet@ubuntu-phablet-bq:~$ uname -a
Linux ubuntu-phablet 3.4.67 #1 SMP PREEMPT Mon Jun 6 12:04:40 UTC 2016 b75400e armv7l armv7l armv7l GNU/Linux

an Ubuntu based smartphone.

matthias

--
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
Re: Houston, we have a problem
On Fri, 22 Sep 2017 19:23, stefan.cl...@posteo.de said:
> O.k. i just tested a bit and this is a bug int the Web Interface and in
> GnuPG's CLI Interface.

I don't see a bug here.

However, given that you use Posteo, you are in the good position to use the Web Key Directory feature. This requires 2.2.1 because we had to add some workaround for key upload due to changes at Posteo which we didn't caught earlier. So people sending mail to you using a GnuPG 2.2 would find your key instantly. It is not there right now:

    /usr/local/libexec/gpg-wks-client -v --check stefan.claas at posteo de
    gpg-wks-client: public key for 'stefan.cl...@posteo.de' NOT found via WKD

You may use the latest Enigmail or Kmail to automate the upload but you can also use Posteo's Web interface to upload the key. But take care: Posteo does not allow a Name in the user id, only the mail address (addr-spec) is allowed. Thus you need to add a second user id with just your mailaddress and use gpg's filter stuff to export only that UID. GnuPG 2.2.1 automates that tasks and creates another user if needed.

If you want to test this feature you may send a mail to clara.chefin at posteo de, which is a test account of us. (You can also write to the owner of Posteo to ask him why they still have an invalid certificate for posteo.net addresses ;-).

>
> Regards
> Stefan

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: gpg 2.1.19 fails to generate key pair
On Fri, 22 Sep 2017 17:24, g...@unixarea.de said:
> I instructed via gpg-agent.conf the gpg-agent to do a debug log which
> follows. The proc gpg-agent crashes with SIG_BUS.

That is why you see and EOF error from gpg.

We did a few more release after 2.1.19, which was released on March 1. Not all fixed bugs are noted in the NEWS and it is also possible that the SIGBUS comes from Libgcrypt. (run gpg-agent --version to see the version of Libgcrypt).

Please first try to build with a recent version (2.2.1 is current but 2.1.23 should be okay) and the latest version of the respective Libgcrypt branch. That would be easier for us than to try to figure out a bug we might have already fixed.

What OS and which platform are you using? I assume it is a BSD (or Plan-9 ;-).

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Houston, we have a problem
On Thu, 21 Sep 2017 16:44:57 +0200, Stefan Claas wrote:
> Hi all,
>
> http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=vindex&search=Erika+Mustermann
>
> Question for the experts, how can a casual or new GnuPG user, like
> Alice and Bob, detect a Signature forgery on a pub key, when using
> Web based key servers?
>
> Note for native English speakers, Erika Mustermann is well known among
> german users, same as Jon Doe.

O.k. i just tested a bit and this is a bug int the Web Interface and in GnuPG's CLI Interface.

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
gpg 2.1.19 fails to generate key pair
Hello,

I've compile gpg 2.1.19 and all the required shared libs from source. The cmd sequence:

LD_LIBRARY_PATH=/home/phablet/myRoot/usr/local/lib
export LD_LIBRARY_PATH
PATH=/home/phablet/myRoot/usr/local/bin:$PATH
export PATH
GNUPGHOME=/home/phablet/.gnupg
export GNUPGHOME
/home/phablet/myRoot/usr/local/bin/gpg-agent --homedir /home/phablet/.gnupg \
    --daemon \
    --pinentry-program /home/phablet/myRoot/usr/bin/pinentry-curses
/home/phablet/myRoot/usr/local/bin/gpg-connect-agent /bye
/home/phablet/myRoot/usr/local/bin/gpg2 --full-generate-key

fails at the end (after the dialog and asking the passphrase) with:

gpg: signing failed: End of file
gpg: make_keysig_packet failed: End of file
Key generation failed: End of file

I instructed via gpg-agent.conf the gpg-agent to do a debug log which follows. The proc gpg-agent crashes with SIG_BUS.

Any help?

matthias

2017-09-22 16:46:49 gpg-agent[15163] listening on socket '/run/user/32011/gnupg/S.gpg-agent'
2017-09-22 16:46:49 gpg-agent[15163] listening on socket '/run/user/32011/gnupg/S.gpg-agent.extra'
2017-09-22 16:46:49 gpg-agent[15163] listening on socket '/run/user/32011/gnupg/S.gpg-agent.browser'
2017-09-22 16:46:49 gpg-agent[15163] listening on socket '/run/user/32011/gnupg/S.gpg-agent.ssh'
2017-09-22 16:46:49 gpg-agent[15166] gpg-agent (GnuPG) 2.1.19 started
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK Pleased to meet you, process 15167
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- RESET
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION ttyname=/dev/pts/58
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION ttytype=linux
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Y5hTZhXCoe
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION putenv=QT_IM_MODULE=maliitphablet
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION lc-ctype=en_GB.UTF-8
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- OPTION lc-messages=en_GB.UTF-8
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:49 gpg-agent[15166] DBG: chan_9 <- [eof]
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK Pleased to meet you, process 15169
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- RESET
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION ttyname=/dev/pts/58
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION ttytype=linux
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION putenv=DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-Y5hTZhXCoe
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION putenv=QT_IM_MODULE=maliitphablet
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION lc-ctype=en_GB.UTF-8
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION lc-messages=en_GB.UTF-8
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- GETINFO version
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> D 2.1.19
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION allow-pinentry-notify
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- OPTION agent-awareness=2.1.0
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- RESET
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> OK
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- GENKEY
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> S INQUIRE_MAXLEN 1024
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> INQUIRE KEYPARAM
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- D (genkey(rsa(nbits 4:2048)))
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- END
2017-09-22 16:46:59 gpg-agent[15166] starting a new PIN Entry
2017-09-22 16:46:59 gpg-agent[15166] DBG: connection to PIN entry established
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 -> INQUIRE PINENTRY_LAUNCHED 15347 unknown 0.8.3 ? ? ?
2017-09-22 16:46:59 gpg-agent[15166] DBG: chan_9 <- END
2017-09-22 16:47:30 gpg-agent[15166] starting a new PIN Entry
2017-09-22 16:47:30 gpg-agent[15166] DBG: connection to PIN entry established
2017-09-22 16:47:30 gpg-agent[15166] DBG: chan_9 -> INQUIRE PINENTRY_LAUNCHE
Use of Passphrase Callback
Hello,

I am Using gnupg on windows and want to use "Passphrase Callback" functionality to input password for private key.

My current lines of code is:

    error = gpgme_set_pinentry_mode(context,GPGME_PINENTRY_MODE_LOOPBACK);
    gpgme_passphrase_cb_t func = &passphrase_callback;
    gpgme_pinentry_mode_t pinMode = gpgme_get_pinentry_mode(context);
    void *pp = 0;
    gpgme_set_passphrase_cb(context,func,pp);

and declaration of gpgme_passphrase_cb_t is

    gpgme_error_t passphrase_callback(void *opaque, const char *uid_hint, const char *desc,int prev_was_bad, int fd)

but breakpoint on this function never hits.

Kindly provide help on this or any example used to implement Passphrase CallBack.

Thanks & Regards,
Sandhya Sharma
Re: Prince Jones v US
> Can you cite the case #. All I could find is an old "local appeals court in
> Washington, D.C." ruling. I found nothing under the US Supreme Court.

It was a DC Court of Appeals decision, not SCOTUS. It appears unlikely to hit SCOTUS.

https://www.dccourts.gov/sites/default/files/2017-09/15-CF-322.pdf
Re: Prince Jones v US
On 09/22/2017 11:55 AM, Jerry wrote:
> Can you cite the case #. All I could find is an old "local appeals court in
> Washington, D.C." ruling. I found nothing under the US Supreme Court.

See https://www.dccourts.gov/sites/default/files/2017-09/15-CF-322.pdf

DISTRICT OF COLUMBIA COURT OF APPEALS
No. 15-CF-322
09/21/2017
PRINCE JONES, APPELLANT, V. UNITED STATES, APPELLEE.
Appeal from the Superior Court of the District of Columbia (CF1-18140-13)

--
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Great things are not accomplished by those who yield to trends and fads and popular opinion." (Jack Kerouac)
Re: Prince Jones v US
On Fri, 22 Sep 2017 01:22:13 -0400, Robert J. Hansen stated:
>Good news for US citizens: _Prince Jones v US_ was decided Thursday.
>The important text from the opinion is recreated here, and the
>implications for encrypted email follow.
>
>* * * * *
>
>But in addition to the fact that people reasonably value and hope to
>protect the privacy of their location information, what necessitates our
>conclusion is the _method_ by which the government obtained the location
>information in this case. Unlike in a situation in which the government
>determines a person's location through visual surveillance or by
>employing the older generation of tracking devices, it cannot be argued
>that "the information obtained by [the government] in this case was ...
>readily available and in the public view". The cell-site simulator
>employed in this case gave the government a powerful person-locating
>capability that private actors do not have and that, as explained above,
>the government itself had previously lacked -- a capability only
>superficially analogous to the visual tracking of a suspect. And the
>simulator's operation involved exploitation of a security flaw in a
>device that most people now feel obligated to carry with them at all
>times. Allowing the government to deploy such a powerful tool without
>judicial oversight would surely "shrink the realm of guaranteed privacy"
>far below that which "existed when the Fourth Amendment was adopted". It
>would also place an individual in the difficult position either of
>accepting the risk that at any moment his or her cellphone could be
>converted into tracking device or of forgoing "necessary use of" the
>cellphone. We thus conclude that under ordinary circumstances, the use
>of a cell-site simulator to locate a person through his or her cellphone
>invades the person's actual, legitimate, and reasonable expectation of
>privacy in his or her location information and is a search.
>
>* * * * *
>
>The above is taken from the opinion -- citations omitted. But it
>appears to me this logic is immediately applicable to many different
>kinds of surveillance: namely, if it involves security flaws in common
>everyday technologies which millions of Americans entrust with their
>secrets and who really cannot reasonably avoid using... then it needs a
>warrant.
>
>The implications for electronic privacy in the United States should be
>clear. This is a really good development. :)

Can you cite the case #. All I could find is an old "local appeals court in Washington, D.C." ruling. I found nothing under the US Supreme Court.

--
Jerry
Re: OT: Which smartphone would you use
Hi,

Jolla did an official port of SailfishOS to Sony Xperia X hardware. It's about one year old, but you still can get one in Europe for around 300€. Then you'll have to buy (49€) a Sailfish for Xperia license, and install it. The only point is the image is not yet available for purchase, but it should be a matter of days...

See https://blog.jolla.com/sailfishx/

Regards,
Franck

On 21/09/2017 at 19:33, Thomas Hejze wrote:
> On Tuesday, 19 September 2017, 13:44:53 CEST, Andreas Ronnquist wrote:
>> If I had the money, I would pledge for one of these:
>> https://puri.sm/shop/librem-5/
>
> That project looks promising, however, I fear I am not able to spend
> $924.000 for my smartphone ;-) Anyway that is what I am looking for, I
> hope they will make it. Nevertheless, even then it will take at least
> one year for them to bring their product to the market.
>
> Looking at Tizen, Jolla, Firefox OS and Ubuntu Touch, I start to worry
> for the future of Open Source. Isn't there a business case for a FOSS
> smartphone?
>
> Best regards
> Thomas
Re: Houston, we have a problem
On 22.09.2017 at 02:37, Ángel wrote:
> On 2017-09-21 at 23:37 +0200, Stefan Claas wrote:
>> Long ago when we had a discussion here on the Mailing List on how
>> to prevent unwanted signatures i made a proposal that signing someone's
>> public key should work similar to revocation certificates.
>>
>> If you would like to sign my pub key you had to send me a, let's call
>> it, Signature Request Certificate, if i accept it i enter my passphrase
>> and then the Software would extract the needed signature bits from
>> the request cert and add those bits to my pub key.
>>
>> Like i said i'm no programmer and can't therefore test if such a
>> feature proposal would work.
>>
>> Regards
>> Stefan
>
> Nope. This would solve the case of «Key of legitimate user signed by
> fake user»¹ but not «Fake user signed by another fake user», which is
> the problem.
>
> ¹ Assuming the legitimate one would notice and not allow his key to be
> signed by the evil one, which is no problem, actually.
>
> The proposal would be technically feasible (invalidating all existing
> signatures, and probably conflicting with local sigs, but feasible).
> However, it wouldn't solve the underlying problem.

Thanks for your insights, much appreciated!

Regards
Stefan