Re: First Amendment and Marines?
Small correction: The standard is called OpenPGP, not OpenPG. IIRC, OpenPGP is an open protocol specification by the IETF that succeeded the original proprietary Pretty Good Privacy. GNU Privacy Guard (often abbreviated to GnuPG or GPG), the software this mailing- list is for, is merely one implementation of the standard (albeit an extremely widespread one). Sorry if I come across condescending, my intention is only to avoid misunderstandings. -- Jonas Tobias Hopusch OpenPGP Keys for encrypted communication are available via Web Key Directory (WKD) or from https://downloads.jotoho.de/openpgp/ ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Key Management - BSI had send private key instead of public key
> Is there an English translation of this article somewhere? No, I don't think so. To the best of my knowledge Golem.de publishes exclusively in German and I didn't find anything with a search engine. > If I go to the link, I get a rather large pop-up dialogue which doesn't > look much like an article at all. Throw the thing at Google Translate, > and the JavaScript on the page re-directs me back to the original page > in German. That was just a mechanism to force users to either consent to extensive tracking and ads or login with an account that has a paid subscription. -- Jonas Tobias Hopusch ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg-wks-client generates empty files
Hello Werner. > It took me a while to track this down. It's good to see one of you respond to my mail. I was worried that maybe the mailinglist broke both the SPF and DKIM checks and prevented it from being delivered to the subscriber's mailboxes. To avoid that this time, I'm sending this mail from another domain with less strict settings. > pub rsa4096/612F3350DB59D359 2021-01-27 [C] [verfällt: 2024-01-27] > Schl.-Fingerabdruck = 1F42 EF02 BE3E 6FE8 F624 C8BC 612F 3350 DB59 D359 > uid [vollständig] (Domain owner of jotoho.de) ^- Here is leading blank. > > gpg --list-packets makes it easier to see: > > :user ID packet: " (Domain owner of jotoho.de) " > ^ > Although that is somewhat peculiar it does not harm. But, > gpg-wks-client does some processing of the key: It's been a few months since I generated the key with GnuPG so I don't know if I put the extra spaces there. Maybe it's a consequence of leaving out my name during UID creation? (Back then I was hesitant to put my name on that key though my view on that is more relaxed by now.) > 1. It list all mail addresses from the key and matches them to the >requested mail address. (in your example hostmaster@...) > > 2. Now it may happen tha there are several user-ids all with the same >mail address. gpg-wks-tools picks one of them and then extracts >exactly that user id - however in this case it does not match by the >mail address but by the full user-id so that there will be only one >user-id in the final key. > > 3. The filter built expression unfortunately strips leading blanks but >requires a verbatim match. Thus it won't find the user id again and >errors out. > > Right there is a second error that the empty file should not have been > written. But after all that error should never happen. > > I need to see how I can avoid to trim the leading space from the filter > expression. This question I'm asking myself at this explanation for the issue is why my Gitea instance's signing key was also affected by the bug. (The one with the autos...@gitea.jotoho.de UID) When looking at that key with the terminal command > gpg --export 56105D315120E79B34C4D39516128FBFDB6214C9 | gpg --list-packets there does not appear to be any whitespace in the UserID that shouldn't be there. Do you mean by "Thus it won't find the user id again and errors out." that the error when working with my domain management key also stops the software from processing other keys, that come after it, properly? I get the impression that maybe the code dealing with the different keys/uids should be better isolated amongst each other so any error pertaining to key Y doesn't also impact processing of key Z. I don't know the big picture or the code in question though, so feel free to ignore my rambling. In the meantime, I was able to generate a working Web Key Directory using Sequoia and installed that on my domain so the issue has no urgency or immediate impact for me. (Though it would be good to be able to get rid of those extra packages again once gpg-wks-client works properly for me) -- Jonas Tobias Hopusch signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg-wks-client generates empty files
Hi everyone, I have heard of Web Key Directory and the many benefits it has over the traditional keyserver approach and want to try setting it up for my personal domain. I believe that I understand the directory structure and how you would set it up but ran into a problem with gpg-wks-client when trying to follow the instructions in the wiki (https://wiki.gnupg.org/WKDHosting). When I ran the gpg-wks-client command specified on that wiki page, I noticed that the software generated the directories, policy files and created the key files but that the vast majority of those exported key files were empty. This happened using gnupg version 2.2.29, installed from archlinux's official repositories via pacman. For the purposes of debugging, I will attach the output of 'gpg --with-wkd-hash -k @jotoho.de', a directory listing of the hu-directories created by gpg-wks-client, the output of the gpg-wks-client command and the three keys I attempted to export into WKD. Does anyone know what may have gone wrong? Is there any additional information I can provide to help with tracking down what I presume to be a bug? Thanks in advance. -- Jonas Hopusch pub rsa4096/4C6E404513ED90C9 2019-06-20 [SC] [verfällt: 2021-10-18] Schl.-Fingerabdruck = 53B1 B68B 5081 F3AE C906 709E 4C6E 4045 13ED 90C9 uid [ ultimativ ] Jonas Tobias Hopusch (This is my personal master key, which signs all my other keys) of4qcqetg5z8oa1uscqcz7uehu4sr...@jotoho.de uid [ ultimativ ] Jonas Tobias Hopusch (Software-signing identity) e5a4bxki1ktx1jncwco5nkcofedmk...@jotoho.de sub rsa4096/31EB56623DB25CC8 2019-06-20 [A] [verfällt: 2021-10-18] sub rsa4096/2E42A2D974F4EE83 2019-06-20 [E] [verfällt: 2021-10-18] sub rsa4096/2D79D7D95F0D29ED 2019-12-17 [S] [verfällt: 2021-10-18] sub rsa4096/053B9DA04C5AC0A5 2019-12-17 [S] [verfällt: 2021-10-18] pub rsa4096/612F3350DB59D359 2021-01-27 [C] [verfällt: 2024-01-27] Schl.-Fingerabdruck = 1F42 EF02 BE3E 6FE8 F624 C8BC 612F 3350 DB59 D359 uid [vollständig] (Domain owner of jotoho.de) n85z5mkjgfstw6o6r3t97pjamdspt...@jotoho.de uid [vollständig] (Primary contact for web-related issues with jotoho.de) kd39y8fkyw5j8uubuicshffo9hhod...@jotoho.de uid [vollständig] (Primary contact for networking-issues with jotoho.de) e1bxuz5fmgbtjxtngwnb56rnahtt4...@jotoho.de uid [vollständig] (Primary contact for email-related issues with jotoho.de) 17o8za5yunot7q6wddwcs4jqodngr...@jotoho.de uid [vollständig] (Primary contact for security issues with jotoho.de) t5s8ztdbon8yzntexy6oz5y48etqs...@jotoho.de uid [vollständig] (Primary contact for abuse of/from jotoho.de servers & services) 88fb3b9rrzeapqdf3kodtkfenu7c4...@jotoho.de sub rsa4096/15013ADE96502164 2021-01-27 [SE] [verfällt: 2024-01-27] pub rsa4096/16128FBFDB6214C9 2021-07-19 [C] [verfällt: 2024-07-18] Schl.-Fingerabdruck = 5610 5D31 5120 E79B 34C4 D395 1612 8FBF DB62 14C9 uid [vollständig] Gitea Automation (Signing Key for automatically created commits and tags on https://gitea.jotoho.de) sfno47rsgbbjwjk5zcdmrczcmdrdh...@gitea.jotoho.de sub rsa4096/B8405128B0847FE1 2021-07-19 [S] [verfällt: 2024-07-18] .well-known/openpgpkey/gitea.jotoho.de/hu: insgesamt 0 -rw-r--r-- 1 jonas jonas 0 31. Jul 17:31 sfno47rsgbbjwjk5zcdmrczcmdrdhbkr .well-known/openpgpkey/jotoho.de/hu: insgesamt 24K -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 17o8za5yunot7q6wddwcs4jqodngre8t -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 88fb3b9rrzeapqdf3kodtkfenu7c41b7 -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 e1bxuz5fmgbtjxtngwnb56rnahtt48ij -rw-r--r-- 1 jonas jonas 8,3K 31. Jul 17:31 e5a4bxki1ktx1jncwco5nkcofedmkxod -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 kd39y8fkyw5j8uubuicshffo9hhodk4j -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 n85z5mkjgfstw6o6r3t97pjamdsptfsi -rw-r--r-- 1 jonas jonas 8,3K 31. Jul 17:31 of4qcqetg5z8oa1uscqcz7uehu4sr9g3 -rw-r--r-- 1 jonas jonas0 31. Jul 17:31 t5s8ztdbon8yzntexy6oz5y48etqsnbb gpg-wks-client: gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg-wks-client: using key with user id 'Jonas Tobias Hopusch (This is my personal master key, which signs all my other keys) ' gpg-wks-client: gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg-wks-client: directory './jotoho.de' created gpg-wks-client: directory './jotoho.de/hu' created gpg-wks-client: policy file './jotoho.de/policy' created gpg-wks-client: key 53B1B68B5081F3AEC906709E4C6E404513ED90C9 published for 'master-...@jotoho.de' gpg-wks-client: gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg-wks-client: using key with user id 'Jonas Tobias Hopusch (Software-signing identity) ' gpg-wks-client: gpg: Anzahl insgesamt bearbeiteter Schlüssel: 1 gpg-wks-client: key