Re: Generating revocation certificate

2019-04-06 Thread Peter Lebbing 
Hi André,

On 06/04/2019 21:21, André Ockers wrote:
> which would probably be a bad idea, wouldn't it?

Quite! :-)

Your operating system probably still requires GnuPG 1.4, so you can't
remove it. But you can solemnly pledge not to use it... I wouldn't mess
with the "gpg" binary, though. Don't use some method to prevent your
access to it, or you might silently corrupt some utility that you use
under your user account that expects it to be 1.4.

This was all quite an ordeal for Debian to get right, there are a lot of
subtleties to deal with. I really think your best bet is to get that "2"
suffix in your muscle memory for when you use the command line.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread André Ockers 
Hi Peter and list,


Op 06-04-19 om 21:02 schreef Peter Lebbing:
> The error message is really unclear, but the problem probably is that
> you should have used "gpg2" instead of "gpg", consistently. So just
> leave "gpg" behind and only use "gpg2" ever. Well, until an updated
> Trisquel drops the old 1.4 and both refer to the same version.
>
> GnuPG 1.4 and 2.1+ do not mix well in certain scenarios. You probably
> encountered one.

I'm now running Synaptic and when I try to remove gnupg, a pop up tells
me that automatically the following packages will be removed:

  * apt,
  * apt-listchanges,
  * apt-utils,
  * libcryptui0a,
  * seahorse-daemon,
  * seahorse-nautilus,
  * signing-party,
  * tasksel,
  * tasksel-data,
  * trisquel-desktop-common,
  * trisquel-keyring,
  * trisquel-minimal,
  * trisquel-release-upgrader-gtk,
  * unattended-upgrades,
  * update-manager,
  * update-notifier and
  * update-notifier-common

which would probably be a bad idea, wouldn't it?

Thank you,

Best regards,

André Ockers


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread Peter Lebbing 
On 06/04/2019 18:50, Jean-David Beyer via Gnupg-users wrote:
> Mine's bigger than yours (older, too):
> 
> $ gpg --version
> gpg (GnuPG) 2.0.14

Yeah, and it's probably high time to put gramps out to pasture as
well... ;-) That's a seriously old, unsupported version.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread Peter Lebbing 
On 06/04/2019 20:24, André Ockers wrote:
>>> gpg: secret key "7CD3FBC8F6005ED5" not found: eof
> I'm using (up to date) Trisquel
> 
> $ gpg --version
> gpg (GnuPG) 1.4.20
> 
> $ gpg2 --version
> gpg (GnuPG) 2.1.11
> libgcrypt 1.6.5

The error message is really unclear, but the problem probably is that
you should have used "gpg2" instead of "gpg", consistently. So just
leave "gpg" behind and only use "gpg2" ever. Well, until an updated
Trisquel drops the old 1.4 and both refer to the same version.

GnuPG 1.4 and 2.1+ do not mix well in certain scenarios. You probably
encountered one.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread André Ockers 
Hi mr. Reichelt and list,



Op 06-04-19 om 18:32 schreef Markus Reichelt:
> * André Ockers  wrote:
>
>> Op 06-04-19 om 15:04 schreef Markus Reichelt:
>>> gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke 7CD3FBC8F6005ED5
>> This leads to the following:
>>
>> gpg: secret key "7CD3FBC8F6005ED5" not found: eof
> i'm using on slackware64-current (if you are using windows, all hands
> are off)
>
> gpg --version
> gpg (GnuPG) 2.2.15
> libgcrypt 1.8.4

I'm using (up to date) Trisquel

$ gpg --version
gpg (GnuPG) 1.4.20

$ gpg2 --version
gpg (GnuPG) 2.1.11
libgcrypt 1.6.5

> it looks to me you are lacking access to the secret key - you
> need it in order to be able to create a revocation cert. but since
> you are able to still sign mails (to this list, e.g.) that key must
> be there still. 
>
> if you run "gpg --list-keys an...@ockers.eu" (with gpg2)
>
> does that fingerprint show up?:
>
> 0288A46FA7FF9A9B5BF64D6B7CD3FBC8F6005ED5

$ gpg2 --list-keys an...@ockers.eu
pub   rsa4096/F5FE3668 2014-07-31 [SCA] [revoked: 2018-12-29]
uid [ revoked] Andr� Ockers 
uid [ revoked] Andr� Ockers 

pub   rsa4096/F6005ED5 2018-12-29 [SCA]
uid [ultimate] Andr� Ockers 
uid [ultimate] Andr� Ockers 
(plus a subkey)

> anyhow, if you lost (access to) that key in question, it's too late
> to create a revocation cert.  best practice is to deal with that when
> deploying a new key.

I already made a revocation certificate with Enigmail.

Thank you.

Best regards,

André Ockers




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread Jean-David Beyer via Gnupg-users 
On 4/6/19 12:32 PM, Markus Reichelt wrote:
> i'm using on slackware64-current (if you are using windows, all hands
> are off)
> 
> gpg --version
> gpg (GnuPG) 2.2.15
> libgcrypt 1.8.4

Mine's bigger than yours (older, too):

$ gpg --version
gpg (GnuPG) 2.0.14
libgcrypt 1.4.5
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


-- 
  .~.  Jean-David Beyer
  /V\  PGP-Key:166D840A 0C610C8B
 /( )\ Shrewsbury, New Jersey
 ^^-^^ 12:45:01 up 22:44, 2 users, load average: 4.26, 4.55, 4.53



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread Markus Reichelt 
* André Ockers  wrote:

> Op 06-04-19 om 15:04 schreef Markus Reichelt:
> > gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke 7CD3FBC8F6005ED5
> 
> This leads to the following:
> 
> gpg: secret key "7CD3FBC8F6005ED5" not found: eof

i'm using on slackware64-current (if you are using windows, all hands
are off)

gpg --version
gpg (GnuPG) 2.2.15
libgcrypt 1.8.4

it looks to me you are lacking access to the secret key - you
need it in order to be able to create a revocation cert. but since
you are able to still sign mails (to this list, e.g.) that key must
be there still. 

if you run "gpg --list-keys an...@ockers.eu" (with gpg2)

does that fingerprint show up?:

0288A46FA7FF9A9B5BF64D6B7CD3FBC8F6005ED5


anyhow, if you lost (access to) that key in question, it's too late
to create a revocation cert.  best practice is to deal with that when
deploying a new key.

HTH

-- 
left blank, right bald


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread André Ockers 
Dear mr. Reichelt,


Thank you for your answer.


Op 06-04-19 om 15:04 schreef Markus Reichelt:
> gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke 7CD3FBC8F6005ED5

This leads to the following:

gpg: secret key "7CD3FBC8F6005ED5" not found: eof

Best regards,

André Ockers


signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Generating revocation certificate

2019-04-06 Thread Markus Reichelt 
* André Ockers  wrote:

> But when I tried to do the some thing in Bash I ran into the following:
> 
> $ gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke an...@ockers.eu
> 
> sec  4096R/F5FE3668 2014-07-31 André Ockers 
> 
> Which is the fingerprint of the old key.
> 
> What happened and what can I do?

you almost had it, just use the fingerprint of the key in question
instead of an email address:

gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke 7CD3FBC8F6005ED5

will create a revocation cert for the key you signed your mail with.

HTH

-- 
left blank, right bald


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Generating revocation certificate

2019-04-06 Thread André Ockers 
Dear all,

After I've created a new key and uploaded it to a key server, I ran into
something when generating a revocation certificate.

In Seahorse, I could select the right (new) key and make a revocation
certificate from there.

But when I tried to do the some thing in Bash I ran into the following:

$ gpg -a --output an...@ockers.eu.asc.revoke --gen-revoke an...@ockers.eu

sec  4096R/F5FE3668 2014-07-31 André Ockers 

Which is the fingerprint of the old key.

What happened and what can I do?

Thank you very much.

Best regards,

André Ockers




signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users