Re: Access to www.gnupg.org only via TLS
* Doug Barton do...@dougbarton.us [140430 10:05, mID 5360ae82.6070...@dougbarton.us]: On 04/30/2014 12:41 AM, Werner Koch wrote: Hi, I have changed the website setup so that any plain text access to www.gnupg.org is redirected to https://www.gnupg.org . Strict Transport Security (HSTS) has also been enabled. In case of problems with TLS you may use www dot tla-friendly dot gnupg.org to view the pages. Note that https is not enforced for lists.gnupg.org and the other services because over there we use CAcert certificates which do not work widely enough. All good news. :) If there is an interest to have lists at https as well, I consider to purchase a certificate for it. I know it's been discussed on the list before, but I'm quite happy with https://www.startssl.com/, and you certainly can't beat the price. :) You might want to consider my blogpost about StartSSL [1]. Despite that, the SSLLabs test shows two small issues when testing gnupg.org [2], one of which is the too short time sent in the HSTS header. [1] http://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/ [2] https://www.ssllabs.com/ssltest/analyze.html?d=gnupg.org Thanks, Martin signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG launches crowdfunding campaign
* Richard Ulrich ricu...@gmail.com [131219 13:47, mID 1387457142.1836.18.camel@XPS13dev]: As this is about a crypto project, wouldn't it be adequate to accept payments in crypto currencies? I wouldn't consider this a priority. Bitcoin violates one of the fundamental laws of economics and is therefore supposed to crash at some point. Choosing goteo was IMHO a good idea because their system is Free Software and I don't know if they even support BTC et al. Just my €0,02 Martin signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Quotes from GPG users
* Sam Tuke samt...@gnupg.org [131030 13:18, mID 5270e670.3070...@gnupg.org]: Hi all, I'm working with Werner to promote GnuPG and raise awareness. To that end we're collecting quotes from users - endorsements from people who know and trust GPG, people like you. If you want to help us, send your own statement about why GPG is important to you. Please keep it less than or equal to 130 characters, so it can be used on social networks. Unfortunately, this is slightly longer (it's really hard to stick to 130 characters): GnuPG allows for both proving a message's authenticity and preventing eavesdropping. It's one of the most important tools I use every day. I'll try to come up with a better one ASAP. Best, Martin signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Sending signed e-mail via shell script
Hi, I'm currently trying to do a smal script that sends automated e-mail messages on a regular basis. I want to sign those e-mails and since mutt does not allow to use it's OpenPGP features in non-interactive mode, I try to at least have these messages signed using inline PGP. For this, I use the following commands on a Debian squeeze machine: cat $file | gpg --no-verbose --batch --quiet --output - --passphrase passphrase --armor --textmode --clearsign $tmpfile mail -s Subject $address $tmpfile The problem is that I get a BAD SIGNATURE from … when verifying the signature in mutt. I'm not entirely sure, but I think the problem has to do with the encoding. I'm not very talented in shell scripting, so any help is highly appreciated. Of course if you know a way to send automated PGP/MIME signed messages, that would be even better. Thanks, Martin pgpZtXowERYzL.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Trying to create auth key on GPF CryptoStick
* Paul Hartman paul.hart...@gmail.com [120102 19:35, mID CAEH5T2P7yFKf1aZt8aFGb=tm_8bu3odwpro36mwxrecngg0...@mail.gmail.com]: Crypto-Stick website states that it supported 4096-bit keys when using gnupg 2.0.18, and my signing and encryption subkeys on the card are in fact already 4096 bits, but they were created with gnupg on my PC and then transferred to the card, whereas the auth key creation is happening on the card itself, so maybe it has different limitations in this scenario (card-generated vs PC-generated). As far as I can tell, creation of the auth key outside of the smartcard is not supported. Werner, is that correct? The card you gave me at FSCONS back in 2009 states that 3072 Bits is the maximum key size. I use 2048 Bit keys at the moment since back then I even had problems with 3072 Bit Keys. I just tried 3072 bits and it worked. Thanks! Hehe, no problem :-) All the best, Martin smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Trying to create auth key on GPF CryptoStick
* Paul Hartman paul.hart...@gmail.com [120102 08:52, mID caeh5t2o4hfyoftki8bm16gxwczhbptmvqz7nqiqbw3ykmh5...@mail.gmail.com]: Hi, I got a GPF CryptoStick 1.2 yesterday and have successfully added my new signing and encrypting subkeys to the card using GPG 2.0.18 and using it without trouble so far for those purposes. However, when I tried to create an authentication key it gives this error twice: gpg: key generation failed: Card error gpg: Key generation failed: Card error To get there, I ran gpg --edit-key my keynum, then addcardkey command, chose Authentication key, 4096 keysize, enter the requested PINs and passphrase, but it results in the error above. It is likely I'm doing something wrong, but am not sure what... if someone has any clues, it is appreciated if you can point me in the right direction. Even v2 cards can't carry 4096 Bit keys. The maximum size is 3072 Bits IIRC. Martin pgp19hPgRpd0d.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
* Robert Holtzman hol...@cox.net [111018 21:43, mID 20111018185035.gb4...@cox.net]: The greatest hindrance to widespread adoption is the phrase I often hear...I've got nothing to hide It drives me up a wall. +1 Martin smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP card not working
* David Robertson djpeterrobert...@gmail.com [110903 11:18, mID 4e61eaae.20...@gmail.com]: Hello, I've just bought myself a Gemplus/Gemalto GemPC twin USB smartcard reader and a V2.0 OpenPGP card. I'm running Debian Squeeze. I've set up udev rules as described here http://www.gnupg.org/howtos/card-howto/en/smartcard-howto-single.html . However, when I insert my card and type gpg --card-status I get (gpg 1.4.10) My first guess: The Gemalto reader is actually not listed in that udev file. Can you send me the output of $ lsusb so I can check? There is also a script [1] that does the udev stuff automatically. I always try to integrate new readers into the script if someone tells me the USB device ID :-) Also, you might want to try out the Card howto [2] which is probably the most up-to-date one around. [1] http://download.fsfe.org/tools/cardreader/udev-howto-automatization.sh [2] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups Thanks, Martin pgpQL52J0RIqZ.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Migrating to Smartcards
* Werner Koch w...@gnupg.org [110831 08:45, mID 877h5uozaa@vigenere.g10code.de]: On Tue, 30 Aug 2011 20:40, go...@fsfe.org said: AFAIR, 3072 bit keys have to be generated on the card. If you use off-card generation, you are limited to 2048 bits. Really? That would be a bug. I had this problem back in 2009. In case it really does not work the workaround is to first create a key with 3072 bits on the card and then overwrite it by importing a 3072 bit key. The background is that we need to switch the card into an n-bit mode before we generate or import a key. This sounds like a good reason for what I experienced. If I find the time, I'll try it out and maybe switch to bigger subkeys. Martin pgpX6wvLb0jKs.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Migrating to Smartcards
Dear Richard, * Richard rich...@r-selected.de [110830 20:30, mID ca+wmqonz0asssnxzh4fgqrofevhqz2gj9xw5p0a0eq55mu-...@mail.gmail.com]: Hello, for security reasons, I have decided to migrate my most important subkeys to smartcards. I have a number of questions regarding the transfer/migration. I think this is a good decision. a) I've bought two OpenPGP smartcards (v2). Their overprint says they support RSA with up to 3072 bit. In the GnuPG 2.0.18 release notes one change was to Allow generation of card keys up to 4096 bit. Does that apply to the OpenPGP v2 card? AFAIR, 3072 bit keys have to be generated on the card. If you use off-card generation, you are limited to 2048 bits. b) As far as I know, the cards can only store subkeys, i.e. no primary key. That way, only decryption, singing and authenticaion will be possible. If I want to sign other keys, will I have to keep the primary key somewhere safe off-card? Both is possible. IMHO the best way is to use subkeys. If you want to sign a key, you can use the backup of your main key as long as you follow the howto at [1] which I happen to be a co-author of. c) For convenience, I bought two cards which are supposed to store the same keys. I want to carry one card around with me every day for mobile use (I also bought an SCR3500 reader for that purpose) and leave the other one at home in the card reader on my desk. Now the problem is that the keytocard command can only be issued once, since it deletes the key from the computer. To copy the keys to both cards, I would have to backup my secret keys, insert card #1, issue keytocard, restore the backup, insert card #2, issue keytocard again. Will that cause any problems in later GnuPG use as the cards' IDs are different? This should not be a problem if you follow the howto mentioned. You can use a copy of your backup and transfer the keys to the second card. It is however important to have the right secret keyring on the PC you are using the card with as the ID of the card which has the subkeys is being stored. I hope this is helpful for you, but if you have any questions, don't hesitate to ask :-) [1] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups All the best, Martin pgpXsATuoRUfj.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Offline Master Key
Hi, * patric...@lavabit.com patric...@lavabit.com [110502 16:50, mID 7206.205.174.22.25.1304347651.squir...@lavabit.com]: Hi, I have question on key management and was looking for some feedback. My issue is that I like the idea of having a Master signing key with no expiration date and I want to store this key offline without the inconvenience of using an offline computer every time i'd like to send a signed/encrypted message. My idea is to create a master signing key on an offline computer(persistent live usb). Then create two subkeys that have regular expiration dates. One encryption key and one additional daily-use signing key. I would post my master key in my signature and use it to sign the sub-keys. When sending mail I would use my daily use key to sign my messages. I would only access and use my master key when it is necessary to sign other keys and update my sub keys. Would this create any problems for those reading and verifying my emails? Would it be necessary to link to my key policy in my mail or would it be seamless that my sub signing key is valid because it is signed by the master. If you follow the steps of the howto at [1] without using a smartcard (i.e. you don't move the subkeys to a OpenPGP card, but keep them in the keyring), this should work without problems. You can then sign and decrypt files with the subkeys (if you do it right, people will encrypt messages to the correct subkey *only*). [1] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups HTH Martin pgpyI3xccVju7.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPG not retrieving keys when verifying
* Todd A. Jacobs codegnome.consulting+gnupg@gmail.com [110417 17:14, mID BANLkTin=uajdgvq_ayu6hm_ikrcvdrv...@mail.gmail.com]: I'm not sure how I'm supposed to get GPG to automatically retrieve keys for signatures when validating a key. I'm currently running: gpg --keyserver-options auto-key-retrieve -kvv FBB75451 which doesn't do what I expect. I get a whole bunch of [User ID not found] messages, when what I expected was that keys matching those signatures would be retrieved from the keyserver. What am I doing wrong here? The auto-key-retrieve options is for signatures made on content, not on keys. AFAIK there is no option for automatically retrieving all keys that signed a key. Martin pgpdllQz5x3kk.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyservers
Hi, * Remco Rijnders re...@webconquest.com [110321 07:35, mID 412.a...@winter.webconquest.com]: While I fully agree on bottom posting being preferred, I wonder if it's not a lost battle already. People quoting 'properly' are in such a minority that I don't think this can be changed around anymore. Of course, some fora will still be the exception to this, but I fear they will become less and less in number. Most of the guides on proper netiquette date from the previous century too and people don't seem interested anymore in doing things properly. This depends very much on the people you communicate with. People in the Free Software are tend to do it right because when they start to use e-mail regularly with others in this area, they are usually being asked to use proper style :) I started with Free Software in the 21st century and still learned to not use full quotes and top posting. The first time I realized that proper e-mail style is useful was when I started to read more mailinglists with rather high message volumes – you just can keep a better overview with correct quoting :) Martin p.s. Even some of my non-techie friends realized the advantage of this style after a short explanation ;) The real problem is actually MS Outlook and its default settings. pgphre3VVg293.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Revoke signature from key
* David Shaw ds...@jabberwocky.com [110321 20:28, mID 387f8326-47af-419e-a9a7-7c37d048a...@jabberwocky.com]: On Mar 21, 2011, at 3:02 PM, Mike Acker wrote: Scenario thus far: • Tom Newguy joined my group • Tom created a keypair and sent his PUBLIC key to me • I have approved his membership in the group • I have signed his key and sent his public key with my signature to other members of the group • now Tom has left the group Object: to revoke my signature from Tom Newguy's key gpg --edit-key (newguyskey) revsig save You forgot gpg --send-keys (newguyskey) and the fact that signatures on a key are actually ment as a statement that the signer has checked the key owner's identity and not as a sign that someone belongs to a group or something... Martin pgpLBU8ZFVjal.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keyservers
Hi, * Jonathan Ely thaj...@gmail.com [110320 22:18, mID 4d866ead.9080...@gmail.com]: Really? For me, it is much easier to access the newest reply instead of using the Down Arrow key to find it. Gmail always worked the same way for me. You might want to read [1,2,3]. [1] https://wiki.fsfe.org/Fellows/mk/EmailGuide [2] http://en.wikipedia.org/wiki/Posting_style [3] http://www.guckes.net/mail/editing.html Martin pgpzM6GEPIAHL.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* Doug Barton do...@dougbarton.us [110227 05:30]: If you look at the characteristics of the actual messages encrypted mail is very similar whether it's in-line or MIME. It's signed messages that make things interesting because the signature in a MIME message is actually (sort of) an attachment but also sort of not, which is why it confuses simple mail readers like Outlook Express. Encrypted messages differ from signed messages. The percentage of inline-signed messages I receive with bad signatures is much higher than the number of PGP/MIME messages with broken signatures. Despite that, there are MUAs which do not automatically parse every message completely to see if there's inline PGP content in them, but if the see that a message uses PGP/MIME they immediately try to decrypt/verify the message. Martin pgpJv55KyzBlt.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [SOLVED] SCR3310 reader working for root, but not scard group
* Todd A. Jacobs codegnome.consult...@gmail.com [110227 04:02]: Here are the steps I needed to take under Ubuntu 10.10 to get this particular reader working properly as a mortal user. You could also have run the script [1] linked from the only up-to-date OpenPGP smartcard howto [2] I'm aware of. [1] http://download.fsfe.org/tools/cardreader/udev-howto-automatization.sh [2] http://wiki.fsfe.org/Card_howtos/Card_with_subkeys_using_backups All the best, Martin pgpRWFRaMoTaW.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Smart Card Physical Best Practices?
* Grant Olson k...@grant-olson.net [110227 04:11]: I usually just leave it in until I leave the computer for lunch or a meeting or whatever. Same here, but I always take the card with me if I leave the room. One thing I didn't realize at first, is that once you've unlocked either your encryption or authentication key, it will remain unlocked as long as the card is powered up, regardless of any password cache settings you've set in your gpg configuration. If that bothers you, but you don't want to keep yanking and inserting the smartcard, you can kill the scdaemon process and it'll effectively 'unplug' your card. I'm pretty sure there's an easier command to do this too, but I can't remember it off-hand. Yes, this might be an issue. What I do is that I run my gpg-agent in a loop and the agent is killed every 10 minutes or so, also causing scdaemon to exit. This works pretty well. And, of course, you should force the card to ask for the PIN for every single signature (this can be set on the card itseld). But I personally just assume I'll notice the blinking activity light on my reader if some malware script or something weird tries to run gpg commands while the card is activated. My multitasking capabilities are not good enough for parallely working on my PC and always watching my card reader at the same time ;-) Martin pgpGEbCqRyk43.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* David Tomaschik da...@systemoverlord.com [110227 19:22]: How about inline confuses users who don't know anything about OpenPGP? 100% agreed. Thank you! Martin pgpOXtxwgzgho.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* Robert J. Hansen r...@sixdemonbag.org [110227 20:28]: How about inline confuses users who don't know anything about OpenPGP? 1. Why are you sending them signed emails anyway? I sign *all* my e-mail except for messages sent from my mobile (in that case, my signature tells the receiver why the message is not signed and offers the receiver to request a signed proof of authenticity later) or messages to people who can't receive signed messages (I had a case where e-mails arrived empty because of the MS Exchange/Antivirus/whatever combination at the receivers working place). 2. And seeing strange MIME attachments doesn't confuse people? Less than strange text fragments at the head and the bottom of a message (Some people even think they are being spammed when they see inline PGP data), because an attachment without useful data will rather be ignored. Martin pgpOeUJ0XAMmC.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* Patrick Brunschwig patr...@mozilla-enigmail.org [110225 10:10]: On 25.02.11 07:43, Robert J. Hansen wrote: On 2/24/11 10:15 PM, Daniel Kahn Gillmor wrote: my colleague is using the application named email, version 2.2.2 on a stock 2.2.1 motorola droid. My problem is reproducible on a stock Droid X running 2.2.something -- just got off a very long flight, funeral in the morning: I'll dig the precise version number tomorrow. The only mail client on Android I know of to handle OpenPGP messages is K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME messages are not displayed. This is true, but K9 at least does display the messages correctly. Despite that, PGP/MIME support is being worked on because it's considered better than inline PGP. Martin pgp5TiVUPmun3.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* Robert J. Hansen r...@sixdemonbag.org [110225 07:47]: There are good reasons to prefer a PGP/MIME and S/MIME signature standards over inline PGP. And vice-versa. In inline's defense, it *works*, and PGP/MIME often doesn't. Maybe one should think about *why* this is the case. Nevertheless, your statement is not true as such. PGP/MIME *does* work, but there are MUAs out there which can't cope with it. Martin pgpZ7aij3sSJ8.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile
* Daniel Kahn Gillmor d...@fifthhorseman.net [110225 18:31]: On 02/25/2011 12:11 PM, Martin Gollowitzer wrote: * Patrick Brunschwig patr...@mozilla-enigmail.org [110225 10:10]: The only mail client on Android I know of to handle OpenPGP messages is K9 (together with APG). But K9 only supports inline-PGP, PGP/MIME messages are not displayed. This is true, but K9 at least does display the messages correctly. These two statements seem to be in direct contradiction to each other. Sorry for the misunderstanding: The message body is being displayed, but the signature is not verified. K9 is the only e-mail client for Android that I consider usable. All the best, Martin pgpZaPtkhKopq.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: PGP/MIME considered harmful for mobile (Jameson Rollins)
* Avi avi.w...@gmail.com [110225 19:21]: For those of us who use webmail, inline signatures are rather useful. There are webmail applications supporting PGP/MIME. If yours doesn't, it is not a good one. Inline signatures are not a good thing IMHO. Martin pgpPpk4wPE5Xj.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What is the benefit of signing an encrypted email
Hi Werner, * Werner Koch w...@gnupg.org [110119 19:31]: I'd like to see a feature in MUAs to wrap the entire mail as presented in the composer into a message/rfc822 container and send the actual message out with the same headers as in the rfc822 container. This allows to sign the entire mail including the headers. On the receiving site the MUA should figure out that the signed headers match the actual ones and visually indicate the message including the header as signed. This is fully MIME compliant and should not break any MIME aware mailer (except for those only claiming to support MIME). I think this would be really great. Do you think it's worth the effort to contact the developers of Thunderbird/Enigmail, Mutt, Gnus and some others that support OpenPGP about this? Thanks, Martin -- For extra security, this message has been encrypted with double-ROT13. pgpE8D9k6LmZs.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Prosecution based on memory forensics
* freej...@is-not-my.name freej...@is-not-my.name [110113 11:35]: P.S. Robert, how about trimming your line lengths! Apple Mail sucks at this ;) Martin smime.p7s Description: S/MIME cryptographic signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What is the benefit of signing an encrypted email
Hi, * jimbob palmer jimbobpal...@gmail.com [110111 12:05]: In Firefox I can sign or encrypt or encrypt+sign an e-mail. In what case would I want my encrypted emails also signed? Does it provide any additional benefit over a pure encrypted email? A digital signature is useful so the sender can check if that message was really sent by you. If it's only encrypted, there is no proof for that since everyone who knows the recipient's public key can encrypt messages for this particular person. All the best, Martin -- The early worm is for the birds. pgp5z5w27fqOS.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Problems with pcsc-lite 1.6.6 and Cherry ST-2000U
Hi all, Has anyone experienced problems with the most recent version of pcsc-lite (1.6.6) when using an OpenPGP smartcard with GnuPG? My card reader, a Cherry ST-2000U stopped working after I updated my Gentoo system recently (while my SCR335 still works). I tried to do some debugging and scdaemon reports an unknown PC/SC error code. This is all I could find out. I also tried to disable the internal CCID driver, but this didn't change anything. I still receive different error messages (like no card found although the card is inserted). Any hints what I could do? Thanks, Martin pgpEpaOcaZ8iy.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users