Re: gpg 2.2.x devuan jessie no TOFU TLS
Werner Koch: > On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: > >> checking for LIBGNUTLS... no > > The minimal requirement is GNUTLS 3.0 - please check that you have the > 3.x -dev package installed. You should also consult config.log to check > why GNUTLS was not found. > > > Salam-Shalom, > >Werner installing pkg-config found them ! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Verify that the file is from who I expect it to be from
On Fri, 27 Oct 2017 05:55, dan.ho...@redbone.co.nz said: > Thanks - I get the line saying "good signature" i n my message, but are you > saying that I have to grep the output for the message and the email address > of the encryptor? Never ever do this. You need to use --status-fd to get well defined strings. For example $ gpg --verify --status-fd 1 x.msg 2>/dev/null \ | awk '$1=="[GNUPG:]" && $2=="VALIDSIG" {print $3}' prints the fingerprint of the signing iff the signature is valid. Take care that you know what is actually verified. The best way to accomplish this is to use detached signatures. Anyway, using gpgv is in most cases much more robust (see my other mail). Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpvbdVFnnwet.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Verify that the file is from who I expect it to be from
On Fri, 27 Oct 2017 06:01, dan.ho...@redbone.co.nz said: > gpg2 --verify-sign Verification against a set of known keys is done using gpgv gpgv FILE which uses ~/.gnupg/trustedkeys.gpg. To specifiy another file with keys you use gpgv --keyring KEYRING FILE here is how we do this when building GnUPG using the Speedo scripts: if ! $GPGV --keyring "$distsigkey" swdb.lst.sig swdb.lst; then echo "list of software versions is not valid!" >&2 exit 1 fi This is from gnupg/build-aux/getswdb.sh. To create the file with the keys you can do this: gpg --export --export-options export-minimal FPR1 FPR2 FPR2 >trustedkeys.gpg Do _not_ use --armor. --export-options is not really required but strips down the size of the key. @Rob: Shouldn't we mention gpgv in the FAQ? Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpqFduEBlmWG.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg 2.2.x devuan jessie no TOFU TLS
On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: > checking for LIBGNUTLS... no The minimal requirement is GNUTLS 3.0 - please check that you have the 3.x -dev package installed. You should also consult config.log to check why GNUTLS was not found. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpDet_XVd9kT.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg 2.2.x devuan jessie no TOFU TLS
Forwarded Message Subject: Re: gpg 2.2.x devuan jessie no TOFU TLS Date: Fri, 27 Oct 2017 17:36:09 +1100 From: Fulano Diego PerezTo: GnuPG Users , d...@lists.dyne.org Daniel Kahn Gillmor: > On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote: >> cannot work this out >> >> installed sqlite3 and gnutls available packages and -dev packages > > what versions of these packages did you install? can you provide more > explicit details? aside from below i installed latest gnu package dependencies Package: libgnutls28-dev New: yes State: installed Automatically installed: no Multi-Arch: same Version: 3.3.8-6+deb8u7 Priority: optional Section: libdevel Maintainer: Debian GnuTLS Maintainers Architecture: amd64 Uncompressed Size: 2,957 k Depends: libgnutls-deb0-28 (= 3.3.8-6+deb8u7), libgnutlsxx28 (= 3.3.8-6+deb8u7), nettle-dev (>= 2.5), libc6-dev | libc-dev, zlib1g-dev, libtasn1-6-dev (>= 3.9), libp11-kit-dev, libgnutls-openssl27 (= 3.3.8-6+deb8u7) Suggests: gnutls-doc, gnutls-bin, guile-gnutls Conflicts: gnutls-dev Replaces: gnutls-dev Provides: gnutls-dev, libgnutls-openssl-dev Description: GNU TLS library - development files Package: libsqlite3-dev New: yes State: installed Automatically installed: no Multi-Arch: same Version: 3.8.7.1-1+deb8u2 Priority: optional Section: libdevel Maintainer: Laszlo Boszormenyi (GCS) Architecture: amd64 Uncompressed Size: 1,542 k Depends: libsqlite3-0 (= 3.8.7.1-1+deb8u2), libc6-dev Suggests: sqlite3-doc Description: SQLite 3 development files > > the debian packages build fine on stretch and later, but i'm reluctant > to try to backport them to jessie myself these days. Such a port would > introduce too many platform-level incompatibilities. > > --dkg > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users