Re: GPA - import keys more easily?..
(or not even seeing it, because I think it would normally close immediately after the program has finished running). Oh, okay, I misunderstood your request. I thought you wanted to invoke GPA from the command line, since you called it a command line option. But I suppose you want a file association so GPA is launched on an .asc or .gpg file, and subsequently takes the most logical action for the actual content of the file (show key info with an option to import for keys, decrypt and verify for encrypted/signed data). Yes; I can set up a file association myself, but when I open someone's .asc public key in GPA, I see a "File manager" window with an option to decrypt it, which doesn't make sense. I want either GPA to automatically understand that this is a public key (which is not hard at all, because there is the PGP header written in plaintext), or at least to be able to open keys with GPA with some option to tell it that this is a key, not an encrypted message, if it can not see that without my help - maybe with a commandline option. Or at the very least, they should just add an "Import key" option in that file manager for such cases - that would also be fine by me. I just want to be able to import a key I'm already looking at without having to look for it again in the "Import key..." dialog. There may be "workarounds" like installing some plugins for some mail clients, but I'm happy with GPA, and I want to use GPA, and installing a plugin (and probably switching to a compatible email client) and setting it up and getting used to it just to be able import keys a couple of seconds quicker does not really make sense. PGP for Windows does that from time immemorial, naturally. I would expect at least this much from a frontend for encryption software for an operating system which, unlike Windows, is actually concerned about security, and I believe our new "converts" from Windows would expect it too, and I can't believe it's still not there by now. =/ -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPA - import keys more easily?..
Of course, I could use other software if I don't like this one, but the question is "wouldn't it be convenient to add a simple commandline option to GPA to import a key". For commandline usage, you can simply use GnuPG directly: $ gpg2 --import pubkey.asc GPA is a GUI frontend to GnuPG. Commandline support is already in GnuPG and doesn't need to be in a GUI frontend. I could do that, but I believe for most users it would be much more convenient to see a graphical window of a familiar program with the user's name and email address and a confirmation dialog, instead of seeing a terminal saying "I've already imported it" (or not even seeing it, because I think it would normally close immediately after the program has finished running). I know how keys work; I've been using it at work for a long time. And I usually import the keys from email attachments, which I know are correct, because I've helped them set up PGP and I've created their email account. I just want to be able to have them imported with simply opening them with GPA and not have to save them somewhere, then look for them in the "Import keys..." dialog, and then delete them. I've submitted this along with other bugs and wishlist items to gnupg-devel, but it seems that those have not yet been approved by the moderator (though almost a week has passed since the first report). I wanted to hear what do they have to say before creating the bug reports, but now I've submitted all of the "bugs" I wanted to report on bugs.gnupg.org (issues 2178, 2179, and this one - 2180). -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPA - import keys more easily?..
You can import keys (1) direct from personal contact - people give you the key id and you can download from a key server - most people upload their public key to a key server (2) you can get keys when people have included their public key as an attachment in an email. If you have installed Thunderbird - you could install Enigmail - you can do all the things with that that GPA does. Of course, I could use other software if I don't like this one, but the question is "wouldn't it be convenient to add a simple commandline option to GPA to import a key". It's not that big of a deal, but the idea is so obvious I'm really surprised it's not there yet. It's not about GNOME Keyring; it's just that I've been using GnuPG and GPA since Squeeze, and I would really like to be able to add public keys by just "opening" them from anywhere, not only from a Thunderbird mail attachment, and with GPA, not with something else. I just don't want to submit a "wishlist" bug report without consulting the users first - maybe it's already there in the newer versions?.. The developers seem to be really busy... -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPA - unsupported certificate
I'm not sure if this idea makes sense, but maybe it would be easy to add a check on the version of said gpg-agent before attempting to use it?.. I know certain recent versions of GnuPG complain and warn about the hijacking, but that is during usage on the terminal. Then this should definitely alert GPA to forward the warning to the user! It's already there, but GPA is ignoring this?.. (I don't have a "recent" version of GnuPG, so I can't be sure this is not already done.) maybe it would make sense to disregard GPG_AGENT_INFO if it points to GNOME Keyring one, or maybe even disregard it always, or maybe even have GPA use another fixed path to always connect to "our" gpg-agent? GnuPG 2.1 already always uses a fixed path and disregards the variable. And recent GnuPG 2.0 versions already warn about the hijack. The problem is that two software projects want opposite things; this would lead to an arms race. But fortunately, it will all go away when distributions start using recent versions of the software, as the issue has finally been resolved. Ok, so now it's only a question of GPA and GnuPG 2.1 being backported to Jessie. That's good to know. Oh, by the way, the functionality that GNOME Keyring is providing is that it offers the option of unlocking your GnuPG keys when you log in. I've never understood why this is so darn important. Without GNOME Keyring, you would type two passphrases per login session: once to login, and for the second time when you use your GnuPG key for the first time. The gpg-agent can then keep the key unlocked for the rest of the time if you want it to. With GNOME Keyring, it is reduced to one passphrase: your login passphrase. Some might say that's a 50% gain, I say it is the smallest possible gain: you gain one less passphrase-entering moment per session. Whooptie-friggin'-doo. I don't get it. I just wanted to say that "the GNOME guys must have some reason to do that, though I seriously doubt their reasoning since GNOME3". Now I see I was actually right. %) -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPA - import keys more easily?..
Is it possible to import public keys into GPA by "opening them with GPA" instead of using "Keys - Import"?.. That would sure be convenient, but simply opening an .asc key with GPA did not do that, and I couldn't find anything mentioning such thing in the man gpa. If this functionality is indeed not there, may I suggest we file a "wishlist" bug for this issue?.. It seems quite natural to expect this kind of thing. If it is there, I suggest we put it into the manual page, because it's not there. If it's there in the latest version, do rebuke me, for I am not upgrading from 0.9.5 (from Debian Jessie repo) to 0.9.9 just to confirm this behaviour; and I couldn't find a changelog for the last versions anywhere on the site... It took me quite a while to even find a download link, even though I do remember that it's hosted on the same site!.. Shouldn't it be put in the "Downloads" section, at least as a short link in the bottom - "Also, see GPA, which aims to be the default GUI frontend and is hosted on this site as well"?.. -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPA - unsupported certificate
I am sure I've installed all updates and security-updates. I wanted to confirm the existence of another bug, so I've upgraded everything. Debian has gpg installed by default; I did not run it before installing GPA - naturally, I would expect GPA to run it itself if it needs it. Also, in Debian, GPA depends on GPGv2, so it got installed as well. I believe this means GPA is using GPGv2, but I have no way to confirm it. I am running MATE, not KDE, as some might have expected (judging by the abundance of "K"'s in the names "KGPG" and "Kleopatra") or GNOME3 (judging by the mention of "GNOME Keyring"). I don't think I've seen any mentions of "Kleopatra" in my GPA, either the one from the repo, or the one from the website... Erm... sorry, I am still not very good with understanding the bug report flow; I would have checked the Debian GPA bug page before writing here if I knew about its existence. ^_^' And yes, here it is, my "Unsupported certificate" bug!.. Seems like MATE uses GNOME Keyring, too. Unchecking it did not help... This did: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790737#25 Indeed, this is a problem with GNOME Keyring, though fixing it now apparently requires more than just disabling the GNOME Keyring; but, this is a better solution, since you can keep the GNOME Keyring and have GPA work. I'm not sure if this idea makes sense, but maybe it would be easy to add a check on the version of said gpg-agent before attempting to use it?.. On one side, GPA is probably supposed to work with whatever GPG_AGENT_INFO is set to; on the other side, if all the other software is fine working with GNOME Keyring and only GPA needs "only its own" gpg-agent, maybe it would make sense to disregard GPG_AGENT_INFO if it points to GNOME Keyring one, or maybe even disregard it always, or maybe even have GPA use another fixed path to always connect to "our" gpg-agent?.. This is not really "our problem", but a workaround would probably help... -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GPA - unsupported certificate
I wanted to report a few bugs in GPA that I've been getting on Debian Squeeze, but I thought I should check if they still exist in the latest version. So, I've installed Debian Jessie and got the latest release (0.9.9) to see if there was any improvement since few years ago. So, I start "gpa". The first thing I see is the Key Manager window and an invitation to create a new key. On top of it, an error message ("Unsupported certificate") pops up immediately; on top of this message, "GnuPG is rebuilding the trust database", which "might take a few seconds", but takes forever. I tried to wait, but in the end I just had to close the "trust database" popup and the "Unsupported certificate" error message. then I proceeded with generating a new key, and made sure all those old bugs are still there. And what's more, every time I open the Key Manager window, the "Unsupported certificate" error pops up again, and there are no keys in the Key Manager. Not even the one I've created. Are those really bugs or am I doing something wrong?.. I've tried that on an Ubuntu 14.04 LTS livecd right after booting it up, to see if it works on one of the most popular distributions, but all the problems were exactly the same. So, the problems are there on Debian Jessie with 3.16 kernel, gpa 0.9.5/0.9.9 and gpg 1.4.18/2.0.26 and Ubuntu 14.04 LTS with 3.19 kernel, gpa 0.9.4-1 and gpg 1.4.16/2.0.22. (I didn't upgrade Ubuntu before trying. Also, seems like GPA uses the gpg2-branch, but does it really call upon gpg2 and not old gpg, which is hardly possible to remove from the system without breaking a LOT of dependencies like APT?..) Should I go on and submit all those things as bug reports, or am I missing something important here?.. Seriously, things don't work out of the box and nobody has even noticed?.. I just have a hard time believing it... -- darkpenguin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users