Re: [Announce] GnuPG 2.1.17 released
Hello, Am 20.12.2016 um 13:46 schrieb Christoph Moench-Tegeder: > SHA1 (gnupg-2.1.17.tar.bz2) = d83ab893faab35f37ace772ca29b939e6a5aa6a7 > SHA1 (gnupg-2.1.17.tar.bz2.sig) = 34cea3e6d139cb340bf14f04ff217cb6960cf36d > > Or is that just me and a local issue? it works for me (see below), but the sig-file I downloaded has another hash (dfdfe72c4dd7e10bef283d25fa365cfa022305de) than yours, so maybe there was an issue and it is fixed already? Sincerely, DaB. PS: What’s “public key algorithm 22”? -- snip --- 16:15:39dab@dabpc:/tmp$ LC_ALL=C gpg2 -v gnupg-2.1.17.tar.bz2.sig :signature packet: algo 1, keyid 249B39D24F25E3B6 version 4, created 1482242390, md5len 0, sigclass 0x00 digest algo 8, begin of digest d8 f7 hashed subpkt 33 len 21 (?) hashed subpkt 2 len 4 (sig created 2016-12-20) subpkt 16 len 8 (issuer key ID 249B39D24F25E3B6) data: [2046 bits] gpg: assuming signed data in 'gnupg-2.1.17.tar.bz2' gpg: Signature made Tue Dec 20 14:59:50 2016 CET gpg:using RSA key 0x249B39D24F25E3B6 gpg: can't handle public key algorithm 22 gpg: using PGP trust model gpg: key 0x2D3EE2D42B255885: accepted as trusted key gpg: Good signature from "Werner Koch (dist sig)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 gpg: binary signature, digest algorithm SHA256 -- snap --- signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to interprete the output of --export-ownertrust?
Hello, Am 05.04.2016 um 06:37 schrieb Doug Barton: > I learned to check the headers, and look for References: (sometimes > spelled In-Reply-To:) with one or more message Ids after. while it is off-topic: The In-Reply-to and References-header are not the same. The in-reply-to-header tells you, for which message a message is a direct reply. The reference-header tells to which emails the mail belongs. Now-adays the reference-header are not very useful anymore, but in the old-times it could happen that a reply reached a third party before the original message reached the third. Example: You have 3 emails. Starter: Message-ID: A Answer: Message-ID: B, In-reply-to: A, References: A Answer-Answer: Message-ID: C, In-reply: B, References: An, B If the answer-answer (C) reaches you before the answer (B), your email-program still knows that it somehow belongs to the starter-eMail (A). When the answer (B) reaches you, your eMail-programm can sort it in the right position, using the in-reply-to-field. Sincerely, DaB. P.S: I learned it the hard way that people that use the reply-button for new emails that not so bad like the smartphone-guys that write an new email for an reply. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: character encoding differs in gpg and gpg2
Hello, Am 16.12.2015 um 11:51 schrieb Fabian Stäber: > My name has a special character. 'gpg --edit-key' shows it correctly, > 'gpg2 --edit-key' does not. either gpg or gpg2 show the umlaut in your key correct here. My locale is LC_ALL=de_DE.UTF-8. Sincerely, DaB. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1: --auto-key-locate dane
Hallo, Am 27.11.2015 um 07:58 schrieb Werner Koch: >> The OpenPGPKey-DNS-entry for my mail-adress works, if you like to test gpg. > Not for me: sorry, this is a misunderstanding. I meant: My entry is correct in the DNS, while Felix’ is not. I have no such recent version of gpg to test if it is working there. Sincerely, DaB. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.1: --auto-key-locate dane
Hello, Am 26.11.2015 um 16:00 schrieb Felix Seip: > Clearly I am doing something wrong and was wondering if someone could > help me with this problem. Hello, Am 26.11.2015 um 16:00 schrieb Felix Seip: > Clearly I am doing something wrong and was wondering if someone could > help me with this problem. dig type61 1ed6d5e274e32624065e36218dd952070defca5ad2618ec8d64511c6._openpgpkey.gmx.de returns no key. So AFAIS the error is not at you or gpg, but at gmx. The OpenPGPKey-DNS-entry for my mail-adress works, if you like to test gpg. Sincerely, DaB. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Trusting other keys a message was encrypted to
Hello, Am 07.11.2015 um 12:10 schrieb MFPA: > But we *could* check to see if any of them gives > us cause for concern. I don’t really understand what is the earn here. If I send a encrypted message to you and EvilPerson (together in the same eMail), you receive the email and gpg would warn you “Heh, you don’t trust EvilPerson!”: What would improve? The EvilPerson received already the email, neither you or I could do anything about that. Sincerely, DaB. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: TOFU for GnuPG
Hello, Am 29.10.2015 um 15:06 schrieb Neal H. Walfield: > First, some > statistics are displayed, namely, that we've verified 5 messages > signed by this key in the past last hour. isn’t it a little bit problematic that GPG now logs how often I received emails by someone else? Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Generating 4096 bit key fails – why?
Hello, Am 27.10.2015 um 11:11 schrieb Felix E. Klee: > As already mentioned in the October 2015 thread “Bad secret key” on >, I cannot generate a 4096 bit on > my [OpenPGP card][1]. What could be the issue? AFAIK the card doesn’t support 4096 bit keys. The webpage given by you says the same AFAIS: “Key lengths reducable to 1024 bit; key length of signature keys increasable to 3072 bit. ” Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Proposal of OpenPGP Email Validation
Hello, Am 27.07.2015 um 14:15 schrieb Neal H. Walfield: This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. As far as I understand, the email is encrypted with the public key of the owner – so as long as we think that GPG is safe, Nico’s verification-emails should be also safe. What could be a problem: The state or the ISP could create a key-pair of its own and upload it, intercept the mail and verify it. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Receiving keys by PKA or OpenPGP
Hello, Am 15.05.2015 um 13:33 schrieb Werner Koch: gpg2 --auto-key-locate clear,nodefault,pka --locate-key ADDRESS ah ok, thanks. I forgot to consult the man-page for gpg2, sorry. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What Linux kernel configuration options are required by GPG for --refresh-keys?
Hello, Am 15.05.2015 um 16:20 schrieb Daniel Bomar: If I ping either of those hostnames it sends only an A query that’s normal, because the ping-command works only for IPv4. Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Receiving keys by PKA or OpenPGP
Hello, maybe I’m blind, but how can I receive a key from a pka- or OpenPGP-DNS-entry without encrypting a (dummy-)file? Sincerely, DaB. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users