Re: git commit signing: Asked for smartcard as it's plugged in
Gabriel Augendre wrote: > Whenever I need to sign a git commit, I need to plug my Yubikey in and > type the pin code. That works perfectly just after logging into my > session, but if the computer goes to sleep (that's my guess, not sure > about that) and I wake it up and try to sign another commit, GPGTools > pinentry keeps asking to plug the yubikey in even though it's already > there. I think that this is related to the bug report: https://dev.gnupg.org/T3825 I found that there are (at least four) different issues; Device firmware problem, GnuPG scdaemon problem, PC/SC problem for GNU/Linux, and Linux kernel problem. Since your case is on macOS, latter two are not relevant. I think that Yubikey somehow doesn't work well for USB suspend. For this problem, please contact the manufacturer. I fixed a problem of GnuPG scdaemon and implemented work around for device problem. It will be in 2.2.6. With the fix and the work around, scdaemon tries to reset device after such a failure. So, you won't need to manually re-plug your device, but PIN input will be required, since the device will be reset. For GNU/Linux, I'd recommend to use internal CCID driver, instead. It seems that PC/SC development doesn't have an interest for suspend/resume. The kernel problem is here: https://www.spinics.net/lists/kernel/msg2757378.html Since it is a kind of corner case which has been there long time, I could not expect fix will be included soonish (or even getting attention). Thus, I changed scdaemon using pipe instead of signal (in forthcoming 2.2.6). -- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
git commit signing: Asked for smartcard as it's plugged in
Hello, This question has originally been posted to GPGTools support [1], who redirected me there. I'm trying to use GPGTools for git commit signing, using a MacBook Air (macOS 10.13.3) and gpg version 2.2.3. I used this tutorial [2] (I guess, it was a while ago) to generate a key pair and add subkeys to my yubikey. Whenever I need to sign a git commit, I need to plug my Yubikey in and type the pin code. That works perfectly just after logging into my session, but if the computer goes to sleep (that's my guess, not sure about that) and I wake it up and try to sign another commit, GPGTools pinentry keeps asking to plug the yubikey in even though it's already there. As a workaround, I'm forced to go to the terminal, killall gpg-agent and then retry the operation, then it works. Do you have any idea why that happens ? Best regards, Gabriel [1] https://gpgtools.tenderapp.com/discussions/problems/69206-asked-for-smartcard-as-its-plugged-in [2] https://www.yubico.com/support/knowledge-base/categories/articles/use-yubikey-openpgp/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Features vs versions
Hi, I'm working with libgcrypt in a CentOS 7 distribution that includes version 1.5.3... I'd like to use GCRY_CIPHER_MODE_CCM but this https://markmail.org/message/pavkgenzrd4mmbpu makes me think that it isn't available in 1.5.3? Is there an easy table of what features became stable in libgcrypt vs when? I see the old releases here: https://github.com/gpg/libgcrypt/releases but it's a little cumbersome to download and search the source, and even then that's not always a good way to judge stability. Thanks, Mike ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is signing a file with multiple keys possible
On Sat, 24 Mar 2018 00:31, gnupg-users@gnupg.org said: > For Example: John, Harry and Sally wrote a file, lets assume it is a > text file. Now all of them want to sign this file, so that when > verifying it, all three signatures are visible. If you use binary detached signatures (-sb) this is pretty easy. You can simply concatenate the signature files. We do this for gnupg releases. gnupg/build-auc/append-signature.sh is a script which helps with this workflow. If the messages are armored you need to de-armor (gpg --dearmor) them first, concatenate and en-armor them. Finnally fix up the armor lines. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpkmMztVjDpt.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: compilation error for libgpg-error-1.28 on armhf
On Sat, 24 Mar 2018 23:26, mac3...@gmail.com said: > it possible to easily make speedo use v1.27? After the first attempt modify the downloaded swdb.lst file and add CUSTOM_SWDB=1 to the make -f ... line. That should by pass the integrity check and download the version you entered there. I try to get a 1.29 out this week. Salam-Shalom, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpcrvyVwDOgn.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
