TPM operations in v2.3

2021-04-10 Thread Andrew Savchenko via Gnupg-users
Hello GnuPG,

Just read about the v2.3 release; TPM feature is straight from the "dreams
come true" category, massive update!

Two questions:

1. When the key is unsealed, which PCR registers are queried to ensure that 
   measurements are the same as when the key was sealed?
   
2. Is there an ability to change which PCRs are used during the `keytotpm` phase?

My very generic understanding of the process, please correct if the 
assumptions below are false:

1. Key is generated on the target host

2. Key is sealed in TPM using user-supplied password and PCR registers


P.S. At the beginning of the blog-post, James says: "...is the ability to use
 a TPM 2.0 (which comes with all reasonably recent laptops) to protect all
 the private keys".
 
 This can be changed to "reasonably recent anything", as these days TPMs
 can be found in desktops, servers and CPUs. Either fTPM or dTPM, all 
 conforming to TPM v2.0 standard.


-- 
Regards,
A


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Add masterkey as subkey to new masterkey

2021-04-10 Thread Ángel
On 2021-04-10 at 04:08 +, Kiara Stankovic wrote:
> Hello gnupg-users,
> 
> I want to add my existing master key as a subkey to a new master key.
> 
> I have followed the steps at 
> https://security.stackexchange.com/questions/32935/migrating-gpg-master-keys-as-subkeys-to-new-master-key
> , and I was able to slot in my subkey, as well as concatenate it into
> one file, but while importing it (with the latest version of
> gnupg) I encountered an error - bad signature, realizing that I had
> to use an old version of gnupg - around 2005, but I did not have
> access to any such gpg binaries.
>  
> Are there any workarounds for this?
> Adding a subkey with keygrip also doesn't work, since the new subkey
> has a different keyid than the original key.
> 
> Can someone help me?
> --
> Kiara Stankovic

The solution of https://security.stackexchange.com/a/160847/ should
work fine. What do you mean by "the new subkey has a different keyid
than the original key"? Note you need to use the keygrip, not the
keyid.

Maybe you could provide the steps you are doing along with their output?
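
Why the key ID changes while the keygrip does not, as an added example that is not part of the original thread: a version 4 OpenPGP key ID is the low 64 bits of a SHA-1 fingerprint computed over the creation time as well as the key material (RFC 4880, section 12.2), whereas the keygrip is computed from the key parameters alone. The modulus, exponent and timestamps below are constructed sample values, not a real key.

```python
import hashlib
import struct

# Constructed sample values (not a real key): a 2048-bit number standing in
# for an RSA modulus, the usual public exponent, and two creation times.
N = (1 << 2047) | 0x1234567
E = 65537
ORIGINAL_CREATED = 1104537600   # 2005-01-01 00:00:00 UTC
READDED_CREATED = 1618012800    # 2021-04-10 00:00:00 UTC


def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-octet bit count followed by the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created: int, n: int, e: int) -> str:
    """Fingerprint of a version 4 RSA public (sub)key packet, RFC 4880 12.2."""
    # Packet body: version 4, 4-octet creation time, algorithm 1 (RSA), MPIs.
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    # The hash input is 0x99, a two-octet body length, then the body itself.
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low-order 64 bits of the fingerprint."""
    return fingerprint[-16:]


def compare() -> tuple:
    """Key IDs of identical key material under the two creation times."""
    old = key_id(v4_fingerprint(ORIGINAL_CREATED, N, E))
    new = key_id(v4_fingerprint(READDED_CREATED, N, E))
    return old, new


if __name__ == "__main__":
    old, new = compare()
    print("key ID with original creation time:", old)
    print("key ID with new creation time:     ", new)
    print("same key material, same key ID?    ", old == new)
```
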





GnuPG returns error after install but works

2021-04-10 Thread Yohan W. Dunon via Gnupg-users
Hello,

First of all, I want to say thank you for your work!

I'm a beginner and I've installed GnuPG 2.2.27 with the necessary packages:

- npth (https://gnupg.org/ftp/gcrypt/npth/)
- libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/)
- libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/)
- libksba (https://gnupg.org/ftp/gcrypt/libksba/)
- libassuan (https://gnupg.org/ftp/gcrypt/libassuan/)

I followed exactly the INSTALL files inside each package.

But at the end, my terminal returns this:

Making install in m4
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
Making install in common
/Applications/Xcode.app/Contents/Developer/usr/bin/make install-am
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
Making install in regexp
/Applications/Xcode.app/Contents/Developer/usr/bin/make install-am
make[3]: Nothing to be done for `install-exec-am'.
make[3]: Nothing to be done for `install-data-am'.
Making install in kbx
../build-aux/install-sh -c -d '/usr/local/bin'
/usr/bin/install -c kbxutil '/usr/local/bin'
make[2]: Nothing to be done for `install-data-am'.
Making install in g10
/Applications/Xcode.app/Contents/Developer/usr/bin/make install-exec-hook
running install-exec-hook
../build-aux/install-sh -c -d '/usr/local/bin'
/usr/bin/install -c gpg '/usr/local/bin/gpg'
/usr/bin/install -c gpgv '/usr/local/bin/gpgv'
/bin/sh ../build-aux/mkinstalldirs /usr/local/share/gnupg
/usr/bin/install -c -m 644 ./distsigkey.gpg \
  /usr/local/share/gnupg/distsigkey.gpg
Making install in sm
../build-aux/install-sh -c -d '/usr/local/bin'
/usr/bin/install -c gpgsm '/usr/local/bin'
make[2]: Nothing to be done for `install-data-am'.
Making install in agent
../build-aux/install-sh -c -d '/usr/local/bin'
/usr/bin/install -c gpg-agent '/usr/local/bin'
../build-aux/install-sh -c -d '/usr/local/libexec'
mkdir: /usr/local/libexec: Permission denied
make[2]: *** [install-libexecPROGRAMS] Error 1
make[1]: *** [install-am] Error 2
make: *** [install-recursive] Error 1

Is there something wrong?

However, when I type `which gpg` in my terminal, it returns /usr/local/bin/gpg
and I can use it.

Can you help with this?

Best regards

Yohan W. Dunon


use "old" masterkey as subkey in new masterkey

2021-04-10 Thread Maria Sharapova via Gnupg-users
Hey, I am trying to manage my protonmail gpg by adding it to my masterkey. I 
have looked at 
https://security.stackexchange.com/questions/32935/migrating-gpg-master-keys-as-subkeys-to-new-master-key
 I was able to slot in my subkey, and was able to concatenate it into one file 
as well, but while importing it (with the latest version of gnupg) I got an 
error - bad signature, realizing that I had to use an old version of gnupg - 
around 2005, but I did not have access to any such gpg binaries. Are there any 
workarounds for this? Adding a subkey with keygrip also doesn't work, since the 
new subkey has a different keyid than the original key. Can someone help me?