GnuPG 2.3.0 database
It is with great anticipation that I fire up a raspberry pi 4 to compile the newest version of GnuPG 2.3.0 using speedo. However I ran into: GnuPG version in swdb.lst is less than this version! This version: 2.3.0 SWDB version: 2.2.27 /home/pi/Downloads/gnupg-2.3.0/build-aux/speedo.mk:393: *** Error getting GnuPG software version database. Stop. make[1]: Leaving directory '/home/pi/Downloads/gnupg-2.3.0' make: *** [build-aux/speedo.mk:139: native] Error 2 I'm looking forward with held breath to the updated SWDB :) Murphy OpenPGP_signature Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
swdb.lst problem
With a new version of raspbian out for the raspberry pi I'm having trouble with a speedo compile of gnupg-2.2.19 with error messages: make -f /home/pi/Downloads/gnupg-2.2.19/build-aux/speedo.mk UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all make[1]: Entering directory '/home/pi/Downloads/gnupg-2.2.19' download of swdb.lst failed. /home/pi/Downloads/gnupg-2.2.19/build-aux/speedo.mk:311: *** Error getting GnuPG software version database. Stop. make[1]: Leaving directory '/home/pi/Downloads/gnupg-2.2.19' make: *** [build-aux/speedo.mk:73: native] Error 2 Also when I try to download swdb.lst directly it fails with: ~/Downloads/gnupg-2.2.19/build-aux $ sh getswdb.sh download of swdb.lst failed. This seemed to work fine a couple of days ago - anybody know how I can fix this? Thanks - Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
I've been hacked and now I only use a key pair on keybase.
> ...until I have the funds to > buy me a new *offline* usage Notebook. Hi Stefan - I don't know your use model but you can't beat a $5 USD Rapsberry Pi Zero V1.3 for a cheap offline platform that can compile and use GnuPG 2.2.15. murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Speedo build of GnuPG v2.2.13 fails for me
Hi Ajax - For what it is worth I put up a github bash file that should build the latest version of gpg using the fabulous speedo method in a Debian based environment. I ran this yesterday and it works on Ubuntu 18.04 and the latest Raspbian Stretch (Raspberry Pi OS based on Stretch). https://github.com/sandyCH/gpg_build I also noticed that the database had not been updated and chose to wait until it was found and corrected. It happens sometimes. I hope you find this useful! murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
compilation error for libgpg-error-1.28 on armhf
Hi - does anyone know how to force speedo to compile using
libgpg-error-1.27 for the latest version of GnuPG (2.2.5)? I came
across a bug in libgpg-error-1.28 while using the speedo method on a
Raspberry Pi 3 running the latest 'Jessie' Raspbian:
/home/pi/Downloads/gnupg-2.2.5/PLAY/src/libgpg-error/src/logging.c: In
function '_gpgrt_log_printhex':
/home/pi/Downloads/gnupg-2.2.5/PLAY/src/libgpg-error/src/logging.c:1153:49:
error: incompatible type for argument 4 of '_gpgrt_logv_printhex'
_gpgrt_logv_printhex (buffer, length, NULL, NULL);
^~~~
/home/pi/Downloads/gnupg-2.2.5/PLAY/src/libgpg-error/src/logging.c:1097:1:
note: expected 'va_list {aka __va_list}' but argument is of type 'void *'
_gpgrt_logv_printhex (const void *buffer, size_t length,
^~~~
This has been identified previously by dkg and is being worked:
https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1592390.html
As a work-around I found everything compiles nicely if libgpg-error-1.27
is used instead. But then I cannot use the beloved speedo method! Is
it possible to easily make speedo use v1.27?
Best Regards - Murphy
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Complete Ubuntu compile of GnuPG
Yes, the permissions and gpg-agent.conf creation is a problem I would like to find an easy way around. As it turns out a fresh install of ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed. That, plus the fact that libgnutls28-dev also installs a bunch of stuff on my bash file means I can reduce it to: cd ~/Downloads version=gnupg-2.2.3 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig tar xf $version.tar.bz2 cd $version sudo apt-get update sudo apt-get install -y libldap2-dev sudo apt-get install -y gtk+-2 sudo apt-get install -y rng-tools sudo apt-get install -y libbz2-dev sudo apt-get install -y libgnutls28-dev sudo apt-get install -y libsqlite3-dev sudo apt-get install -y libreadline-dev sudo apt-get install -y pcscd scdaemon sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools --with-pinentry-pgm=/usr/bin/pinentry-gnome3' native sudo ldconfig Of course the line "sudo make -f ... native" is all one line. This enables pinentry-gnome3 without having to do a separate creation of gpg-agent.conf and the whole issue of permissions is avoided. I would like to thank Werner, Robert, and Phil for the very helpful suggestions. murphy On 11/25/2017 04:02 AM, Dmitry Gudkov wrote: > > hi murphy, > > > i dare suggest adding this command after creating gpg-agent.conf file: > > > *chmod 600 agp-agent.conf* > > > i came across an old thread on gnupg 2.xxx where its said that .gnupg > directory must have 700 and all files inside this directory 600 > permissions > > > cheers > > Dmitry > > signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Complete Ubuntu compile of GnuPG
Thanks to all for suggestions. For a complete compile on a fresh install of Ubuntu, I managed to get the bash file down to a minimum of: cd ~/Downloads version=gnupg-2.2.3 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig tar xf $version.tar.bz2 cd $version sudo apt-get update sudo apt-get install -y libldap2-dev sudo apt-get install -y gtk+-2 sudo apt-get install -y rng-tools sudo apt-get install -y libbz2-dev sudo apt-get install -y zlib1g-dev sudo apt-get install -y libgnutls28-dev sudo apt-get install -y libsqlite3-dev sudo apt-get install -y libreadline-dev sudo apt-get install -y pinentry-gtk2 sudo apt-get install -y pcscd scdaemon sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local \ speedo_pkg_gnupg_configure='--enable-g13 \ --enable-wks-tools' native sudo ldconfig Without the libgnutls28-dev install Ubuntu is without a suitable compiler or even the make command. This installs make, gcc+-7 and probably lots of unnecessary stuff but at least it is a one-liner. For the Yubikey smart card the Ubuntu package scdaemon seems to be required as gpg --card-edit complains and fails if it is not included in the ubuntu installation list. This bash file has the advantage of using only Ubuntu packages and speedo, so the only update change needed is changing a single digit in version=gnupg-2.2.3 for the near future upgrades. No unnecessary repeat compiles are done since pinentry is a package, although it is necessary to include the configuration file at least once: nano ~/.gnupg/gpg-agent.conf pinentry-program /usr/bin/pinentry-gtk-2 or the pinentry version of your choice (-gnome3, -qt, -tty, -x11, -curses packages are all available for install and configure). I'm sure this can be improved upon and I am eager to see if it can be made even smaller and faster while keeping the convenience of changing a single digit and renaming gpg223.sh to gpg224.sh. Thanks - murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Complete Ubuntu compile of GnuPG
Thanks to all for the suggested improvements!! One think I forgot to mention was to add the configuration: nano ~/.gnupg/gpg-agent.conf pinentry-program /usr/bin/pinentry-gtk-2 This is required since pinentry is not compiled from source but installed as an Ubuntu package. signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Complete Ubuntu compile of GnuPG
My goal is to compile the latest version of GnuPG for Ubuntu. The following bash file does pretty well: cd ~/Downloads version=gnupg-2.2.3 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2 wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig tar xf $version.tar.bz2 cd $version sudo apt-get update sudo apt-get install -y libldap2-dev sudo apt-get install -y gtk+-2 sudo apt-get install -y rng-tools sudo apt-get install -y libbz2-dev sudo apt-get install -y zlib1g-dev sudo apt-get install -y libgmp-dev sudo apt-get install -y nettle-dev sudo apt-get install -y libgnutls28-dev sudo apt-get install -y libsqlite3-dev sudo apt-get install -y adns-tools sudo apt-get install -y libreadline-dev sudo apt-get install -y pinentry-gtk2 sudo apt-get install -y pcscd scdaemon sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local sudo ldconfig But there are a couple of no answers I would like to eliminate: GnuPG v2.2.3 has been configured as follows: Revision: 97f4fea (38900) Platform: GNU/Linux (x86_64-pc-linux-gnu) OpenPGP: yes S/MIME: yes Agent: yes Smartcard: yes (without internal CCID driver) G13: no Dirmngr: yes Gpgtar: yes WKS tools: no Protect tool: (default) LDAP wrapper: (default) Default agent: (default) Default pinentry: (default) Default scdaemon: (default) Default dirmngr: (default) Dirmngr auto start: yes Readline support: yes LDAP support: yes TLS support: gnutls TOFU support: yes Tor support: yes Specifically G13 and WKS tools are not supported. Am I missing some dependencies? Preferably they should be available via 'sudo apt-get install' since this is checked for in new compiles and not reinstalled. The bash file works on a fresh install of Ubuntu 16.04, 17.10 and Raspbian Stretch (for Raspberry Pi). Any suggestions for improvements? Murphy ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG 2.2.2 speedo swdb.lst
Hi Werner - I had trouble compiling GnuPG on my Raspberry Pi with error: make -f /home/pi/Downloads/gnupg-2.2.2/build-aux/speedo.mk UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all make[1]: Entering directory '/home/pi/Downloads/gnupg-2.2.2' gpgv: Signature made Thu 21 Sep 2017 03:51:24 AM EDT gpgv: using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 gpgv: Good signature from "Werner Koch (dist sig)" GnuPG version in swdb.lst is less than this version! This version: 2.2.2 SWDB version: 2.2.1 /home/pi/Downloads/gnupg-2.2.2/build-aux/speedo.mk:272: *** Error getting GnuPG software version database. Stop. make[1]: Leaving directory '/home/pi/Downloads/gnupg-2.2.2' build-aux/speedo.mk:72: recipe for target 'native' failed make: *** [native] Error 2 $ cat swdb.lst gnupg22_ver 2.2.1 gnupg22_date 2017-09-19 Does this need to be updated to 2.2.2 ? Thanks for your attention! Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG public key vulnerability?
I got a signed notification from facebook (good signature, enigmail) that claims my GnuPG generated public key has a "recently disclosed vulnerability". This is the full text: We have detected that the OpenPGP key on your Facebook profile may be susceptible to attacks due to a recently disclosed vulnerability. We recommend that you revoke and replace your public key immediately to minimize the risk to your encrypted communications. You can update your public key by visiting your Security and Login settings. To help reduce the risk of your key being attacked, we have set the privacy of your potentially vulnerable public key on your profile to "Only Me" to limit further distribution. We will continue to encrypt your notification emails using this OpenPGP public key. This is doubly weird since the private/public key was generated on a Yubikey-4 nano and it is safe at home. Does anyone know what this may be about? Facebook public key (it is valid, see: https://www.facebook.com/notes/protect-the-graph/securing-email-communications-from-facebook/1611941762379302/): pub rsa4096 2015-05-17 [SC] [expires: 2018-05-17] 31A70953D8D590BA1FAB37762F3898CEDEE958CF uid [ full ] Facebook, Inc. sub rsa4096 2017-07-24 [S] [expires: 2018-02-19] My public key is uploaded to keyservers and is: pub rsa4096 2016-10-17 [SC] [expires: 2018-10-17] D89A29A3E1DA59DFBF516EA73E450D1BCF78C26B uid [ultimate] orange uid [ultimate] Murphy Chesney (facebook communication) <mac3...@gmail.com> sub rsa4096 2016-10-17 [A] [expires: 2018-10-17] sub rsa2048 2016-10-17 [E] [expires: 2018-10-17] Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
speedo Error 2, download swdb.lst failed
Hi all - during a routine build of gnupg-2.1.21 for Ubuntu 16.04 LTS a speedo build from source that has consistently worked as recently as a few days ago has now consistently hung up. This is true on a Raspberry Pi 3 armhf environment as well as Ubuntu linux. The offending command seems to be: $ sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local [sudo] password for murphy: make -f /home/murphy/Downloads/gnupg-2.1.21/build-aux/speedo.mk UPD_SWDB=1 TARGETOS=native WHAT=release WITH_GUI=0 all make[1]: Entering directory '/home/murphy/Downloads/gnupg-2.1.21' download of swdb.lst failed. /home/murphy/Downloads/gnupg-2.1.21/build-aux/speedo.mk:272: *** Error getting GnuPG software version database. Stop. make[1]: Leaving directory '/home/murphy/Downloads/gnupg-2.1.21' build-aux/speedo.mk:72: recipe for target 'native' failed make: *** [native] Error 2 Has there been a recent change affecting swdb.lst??? I have been using the provided speedo method for years and have never encountered this problem before. It is now reproducible even on installations where it previously succeeded in installing gnupg-2.1.21. Thanks in advance, Murphy ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gpg2 --version gpg: Fatal: libgcrypt is too old (need 1.7.0, have 1.6.3)
Hi David - I have run into this exact issue on various 32 bit machines or OS that run as 32 bit, like raspberry pi. I am certainly no expert but this seems to consistently solve the problem. sudo nano /etc/ld.so.conf Then place the following as the first line: include /etc/ld.so.conf.d/libc.conf save and then: sudo ldconfig Best of luck! Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What is a reliable way to backup/restore my keys and test?
Also how to handle the tofu.db? A quick check doesn't find any --import-tofu or --export-tofu options. Does a simple backup and transfer of tofu.db suffice? --Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
GnuPG-2.1.15 compile with tofu
FYI - On a clean, fresh installation of Ubuntu 16.04 LTS the following instructions will result in gnupg 2.1.15 with a functioning tofu: cd ~/Downloads wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.15.tar.bz2 wget https://gnupg.org/ftp/gcrypt/pinentry/pinentry-0.9.7.tar.bz2 tar xf gnupg-2.1.15.tar.bz2 tar xf pinentry-0.9.7.tar.bz2 cd gnupg-2.1.15 sudo apt-get update sudo apt-get install libldap2-dev -y sudo apt-get install gtk+-2 -y sudo apt-get install rng-tools -y sudo apt-get install libbz2-dev -y sudo apt-get install zlib1g-dev -y sudo apt-get install libgmp-dev -y sudo apt-get install nettle-dev -y sudo apt-get install libgnutls-dev -y sudo apt-get install libsqlite3-dev -y sudo apt-get install adns-tools -y sudo apt-get install libreadline-dev -y sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local cd .. cd pinentry-0.9.7 ./configure make sudo make install sudo ldconfig After executing the above (it can be done as a bash file) reboot. I hope this saves people some time. The same format with slight changes will compile new versions. If there are errors let me know but it does work. --Murphy signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Having some issues installing from source
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > I'm having a hell of a time trying to compile and install gnupg > from the source code on an ubuntu machine. I've posted a thread on > AskUbuntu here > http://askubuntu.com/questions/681041/trying-to-compile-gnupg-from-sou rce >if > someone would be willing to lend a hand. Joshua - If you are willing to give GnuPG modern (2.1.X) a go the included Speedo method makes the compile process easy. Here is the entry I also posted on AskUbuntu: 1. sudo apt-get update 2. sudo apt-get install libldap2-dev gtk+-2 libbz2-dev 3. after unpacking the latest gnupg-2.1.X tarball and cd to the new folder, run the command: 4. sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local sudo ldconfig 5. download the latest pinentry-0.9.5, run ./configure && make && sudo make install. 6. test it out: gpg2 --version I noticed your build attempt was on gnupg-2.0.X which unfortunately does not have the speedo method included (that I could find) but if you want to have the newest features including elliptic curve crypto then 2.1 is the best! Good Luck. -Murphy -BEGIN PGP SIGNATURE- Version: GnuPG v2 iJwEAQEIAAYFAlYP7+gACgkQUVKxkWZz2Q190QP/Xxz0BOwT1pHZ2W8V0dlAuppK n5sthl5efk3NzMgpzTKyAYsiWNV0TPfsM8vmbdt2L6hXsJ0i4Ctu0pKVbSrsLfk1 tAfN5W/IZHlq1CuiXpeT3iNEq/ZQ68MNnXiP7FK1GntjUKOep6nJkiMBaU2BrQX+ 61xhK23ze7VklEZzEm4= =oztG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.1.0 modern released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ah, found it under (11) ECC (set your own capabilities) (11) ECC (set your own capabilities) Your selection? 11 Possible actions for a ECDSA key: Sign Certify Authenticate Current allowed actions: Sign Certify (S) Toggle the sign capability (A) Toggle the authenticate capability (Q) Finished Your selection? q Please select which elliptic curve you want: (1) Curve 25519 (2) NIST P-256 (3) NIST P-384 (4) NIST P-521 (5) Brainpool P-256 (6) Brainpool P-384 (7) Brainpool P-512 Your selection? 1 gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard. Use this curve anyway? (y/N) y It generated fine in Linux. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlRgHlsACgkQUVKxkWZz2Q0ftwQAir36kUJq9lF7I0RM+GzyBG6u QIIAVnSivug7PP1Z/TidsFl+ITR4MG5zESud54ZcByqz92k0zzchbShpVDU+39yD Vlxx6jIfKSnQgSNd2ZufLxo6cOmpd3Erex4d8ATrlrCGRHpllHHbFsImNHoxuqyv H/wcIg3pSV3FQLmkuD4= =Rt4/ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] GnuPG 2.1.0 modern released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ok - found the same issue with gpg2 --expert --edit myKey gpg addkey Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (10) ECC (sign only) (11) ECC (set your own capabilities) (12) ECC (encrypt only) (13) Existing key Your selection? 12 Please select which elliptic curve you want: (1) Curve 25519 (2) NIST P-256 (3) NIST P-384 (4) NIST P-521 (5) Brainpool P-256 (6) Brainpool P-384 (7) Brainpool P-512 Your selection? 1 gpg: WARNING: Curve25519 is not yet part of the OpenPGP standard. Use this curve anyway? (y/N) y Please specify how long the key should be valid. 0 = key does not expire n = key expires in n days nw = key expires in n weeks nm = key expires in n months ny = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: agent_genkey failed: Unknown elliptic curve gpg: Key generation failed: Unknown elliptic curve So Linux has the same bug. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlRgJUUACgkQUVKxkWZz2Q0/JAP+JoqE96OHIxvjq1bZWAcGn8Ce ZRiw55CzVLHLIg+6XQSujdIdH6onxUhzuP79wcq1ibvfF9GYkfBQgpvDoTj+0T3z n6Yd2Ua0ou1mLSHHNj4my4vJmV1gYD3Ef0ilZ1TJzdNuHG9k7+myI5Q6lfgul2lz ZoTptmcNqjWqoQjT6BM= =ADLB -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Announce] The maybe final Beta for GnuPG 2.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pete - beta 864 compiled perfectly for me in Ubuntu 14.04 LTS. I suspect you need to use super user powers here. If you want a practice version try in a safe directory try: sudo make -f build-aux/speedo.mk native otherwise if you want it installed on your machine ready to go use sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local and Thanks Werner for putting in the INSTALL_PREFIX=/usr/local to make it work instantly, for us non-unix gurus :) I am now using gpg2.1 as my main version 2. If there is anything truly mission critical I can always use version 1.x until the stable version of 2.1 comes out. Cheers! -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQvEJoACgkQUVKxkWZz2Q0/VQQAjrks7Dvhi5LZZMapE4i+qKnG 3oHyRyD6Q9K2T05zR9sWBAI2ZJwE5z3soOH/2+vcazy/uLyl1qN68cFIaE86k75T QZ4S/1UilHV8SBnP91nS2xSRLr4TyuKWGTZrEaF0EZtV8XN8TY9a00NtJ+RsTsmo 1eK141d/t2yOaWmFNOs= =X5VP -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What are the symptoms of gnome highjacking pinentry ? Phillip, if you are encrypting/decrypting or signing emails with gpg2 and having no problems with error messages then you don't need to put in the command of step no. 2. The symptoms of a hijacking is that when gpg2 tries to put up a pinentry box gnome keyring hijacks the process and puts up its own box. Recent versions of gnupg-2.0.x will then display an error message in the terminal and bad things happen. Either you only get one attempt at changing passphrases or the whole process crashes. The process may succeed or not, it is unpredictable. If you wish to witness it first hand I recommend using virtualbox. Set up a fresh install of Ubuntu inside virtualbox (really easy and fun) and then install Gnupg-2.1.0 without the command in step 2. Then try to generate a key, if you can. The virtualbox environment is perfect for experimenting with new beta versions and playing with ECC keys and subkeys, without disturbing you regular production environment. Murphy -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQfLbMACgkQUVKxkWZz2Q25uQP9GgJikeZPNYVBYQ2Gkzr4OP7r jFMhyQyfeut5RWgx6CPovH13nJXXR2tOnJnzkCAimZr07rIZh2WQbCKF8r5cFWFs yJGG2/en9xUeZiDOzvMT5oJ6WJdHJNJzf4hLZGF4pEzgHYC596z9L9u28S7dBRws f3rAdWupaWmKSuyXB6o= =0o7W -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/09/14 10:20, Murphy wrote: What, please, is the reason for the step no. 2 in the above list ? This is a command to prevent gnome from hijacking pinentry. Without it or something like it error messages are generated during execution of the gpg2 command. I forget who suggested it but I remember that Werner endorsed it. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQdje0ACgkQUVKxkWZz2Q2jXwP+L7HTEJW5NbV1LHDmTvHJTNTz kgo6jfR7uJ8XMTJQxABfTL4BydBZ81Nnq2FEgDQv4CT9Vxfq1JyKH5MtkLLEb5GW YHM5ONzeH/omYrxoKwdopstBWY5DnjJiQPFalS0Ra3RfbUFKSKwCoCnSpE7aIHcN 9RvzpIMAX1jmvOXpIEU= =wBsG -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am definitely having fun with Speedo. After playing around with it in a virtual box Ubuntu environment I can see the advantage. It immediately downloads and installs the required libraries as advertised and builds an executable gpg2 in PLAY/inst/. Unfortunately for me I cannot then get it to perform its duty. I execute the suggested command LD_LIBRARY_PATH=$(pwd)/PLAY/inst/lib typed exactly as written above, and then nothing happens. gpg2 continues to execute as the previously installed version. Any ideas? Ok, onward to the w32-installer. Immediately I am stumped by the simple requirement to put the source packages in ../tarballs. I admit, I am relatively new to Linux but can somebody give me a hint as to what is meant by ../? A simple command to create the required directory would be very helpful. Something I can copy and paste to make it happen. I am committed to making the w32-installer. It will happen. Thanks! -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQeLiYACgkQUVKxkWZz2Q3frAP+PG9C0EktFZge+BXrhx2GxoXu yE1VqmPXjxnG833Brh078xhg026EmJKrtkf2MNmnugcKGvuXHQAcQwjhY/oj2Zzg Ij03Nif1yDfkA01f/Tl8TTF06Ji0nAJ4vA/8hJUZ3E3N1rQqyRJI1O38JsJuq/g5 007fn5JuzNoMQLMXcb8= =Vkjf -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: New beta
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In response to vedaal's question - installation of gnupg v2.1 is significantly different from v1.x and even v2.0. For my Ubuntu machine hHere is a brief summary of the steps, in order 1. Install latest libraries: npth, libgpg-error, libgcrypt, libksba, libassuan 2. Execute the following command: sudo ln -sf /dev/null /etc/xdg/autostart/gnome-keyring-gpg.desktop 3. sudo apt-get install libdb-dev, libdb++-dev, libbz2-dev 4. Install Openldap-2.4.39 using ./configure, make depend, make, sudo make install 5. sudo apt-get install gtk+-2.0 6. Install pinentry, gnupg-2.1 Of course your milage may vary, machine blow up and hard drive autowipe. But it works for me and it is definitely worth it to play with all the new elliptical curve modes: me@me:~$ gpg2 --expert --gen-key gpg (GnuPG) 2.1.0-beta834; Copyright (C) 2014 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: NOTE: THIS IS A DEVELOPMENT VERSION! gpg: It is only intended for test purposes and should NOT be gpg: used in a production environment or with production keys! Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (9) ECC (10) ECC (sign only) (11) ECC (set your own capabilities) Your selection? 9 Please select which elliptic curve you want: (2) NIST P-256 (3) NIST P-384 (4) NIST P-521 (5) Brainpool P-256 (6) Brainpool P-384 (7) Brainpool P-512 Your selection? -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQcxqcACgkQUVKxkWZz2Q0UlAP+IRkpjRoJ8qwaQmExBU8DUG1+ KNRi5SXTAwdDj/EEmEoSQR54s1GLv7wxEp+Rs4idQMn/Z6titfJRv0KdeBSOG3Te V6KKqX8F2n9tB0DZucXXjzpejHEt1TcXT11c97BV6k5BhUBZ5zVcm8DWa1GhO5r6 8SszspcbBjz+xn95rLs= =ttmO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Installing GPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You mean GPA 0.9.5? Yes, GPA-0.9.5. In case you installed gpgme to /usr/local you should add /usr/local/lib to your /etc/ld.so.conf and run ldconfig. Done! Thank you. To diagnose the problem you may run ldd gpa | grep libgpgme. Everything seems to be in order now. The result is: libgpgme.so.11 = /usr/local/lib/libgpgme.so.11 I can't tell you - are these X.509 certificates? Yes, X.509 certificates (14 expired out of 15). An example is: Issuer ...: /CN=7R-CA 1:PN/NameDistinguisher=1/O=RegulierungsbehÈorde fÈur Telekommunikation und I tried to delete a few of them using gpa 0.9.5 but kept getting the error message: GPGME library returned an unexpected error at gpakeydeleteop.c:208. The error was: No public key These do not show up with the gpg2 -k command on my machine. In case none of us has said so lately, thank you, Werner, for your immeasurable contributions to individual security and dignity throughout the world. Sandy (Murphy) -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQLCAUACgkQUVKxkWZz2Q0iIwP9FBvJNWqi2Wr88JRbr0TQaoha rxHHctZNDBYPyGIZ6Z8tUQ7FSZqbISiwHcrSt/ZraJSYEd6ZCjhiSQQAMKLN2bF5 Vtuo12/VRhFUriQXXbVQRIn1yRZ7L1sv5lQST2sl51Szt/YFtXn6dYRTcRosyiAM a1KPTSlvNx6hxAET1+g= =4gZV -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Installing GPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Making the switch to Linux (Ubuntu 14.04 LTS) has opened up whole new vistas in Gnupg. Installing the newest GPA was a bit of a challenge but well worth it. With Gnupg-2.0.26 installed I was never able to get GPA fully working. Errors such as: relocation error: gpa: symbol gpgme_op_spawn, version GPGME_1.1 not defined in file libgpgme.so.11 with link time reference, Unknown option, gpg-agent: no agent running, Certificate not recognized, etc, etc, etc. Finally I installed Gnupg-2.1.0-beta783 on top of Gnupg-2.0.26 and GPA came to life. The gpg-agent runs, all certificates are recognized (where did all those expired ones come from???), and all error messages are gone. I vote beta783 version is ready for production!! Anybody know what would happen if I delete all those old expired certificates? -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlQJscUACgkQUVKxkWZz2Q1UfwP+NCNuI5oZshmcEEVMXvvyTzst 2kDS0WFf7X2PpEYIp24r278Cd2PRwb317+euSrDJu3ksS1Tm/TC+cD6sHh37FdM+ VBjSm9UfUz6yfmaYS6M9dDRbdt471i+pQSO6kOoM4/B8nwvGWYZXOtrJkE0+JytR 5dyh66d/zI1uQdwBu4c= =zhGO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg-2.1 Install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Success! I finally got a consistent install of beta version gnupg-2.1.0 on a fresh version of Ubuntu 14.04 inside VirtualBox. These steps work: 1. Download, verify and unpack npth, libgpg-error, libgcrypt, libksba, libassuan. 2. Install each in order using the commands: ./configure, make, sudo make install, make check. 3. sudo mv /usr/bin/gnome-keyring-daemon /usr/bin/gnome-keyring-daemon.bak (this is a hack to prevent gnome from hijacking gnupg) 4. sudo apt-get install libdb-dev 5. sudo apt-get install libdb++-dev 6. Install Openldap 2.4.39 using commands: ./configure, make depend, make, sudo make install (dont bother with the check, it is too long and weird) 7. sudo apt-get install gtk+-2.0 8. Install pinentry-0.8.3 using step 2 9. Download, verify and unpack gnupg-2.1.0, install using step 2 10. The make check seems to hang on genkey1024.test (right after detachm.test) but don't give up. It actually took 20 minutes by my watch on my HP Envy i5 3 GHz machine to complete this step, then completed all tests successfully. Now we Ubuntu users can play with elliptical curve crypto, google's end-to-end encryption scheme, and also help Werner evaluate this beta version. Keeping it on VirtualBox is the ideal way to evaluate this. Thanks for all the help and comments - Sandy -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlPpht4ACgkQUVKxkWZz2Q13OwP+Pv6TWaCgo076vdFu24iG0bAZ UAhyZjuKOuHtMuNt3AnagP3Lsg0o9olWJyNAJtEt4EqMTlgoqRIvYLB0zGEsDO99 22WM1W4s6aJdnXhR35SU1k1UfGFjk7u/eP4s7tMqifuJD9Oh98mZrlvrvGmEHVbI vFPbuTM625cJTj/HWEs= =c1SD -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
gnupg-2.1 Install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For some of us relatively new Ubuntu Linux users installing the latest gnupg can be a challenge. I usually end up putting Ubuntu into some strange state before everything works. I propose a method to help us newbies. Successful installation steps on a brand new Oracle VM VirtualBox installation of Ubuntu 14.04 should be published. A new install has no non-standard libraries etc and so should be reproducible for everyone starting from scratch. Working in a virtual environment doesn't mess up your normal installation and you can save various stages to try something new. As an example here is what is required on a new Ubuntu install for Gnupg 2.0.25: 1. Download, unpack, and verify: libgpg-error-1.13, libgcrypt-1.6.1, libassuan-2.1.1, libksba-1.3.0, pth-2.0.7 2. cd new directory, ./configure, make, sudo make install, make check; each of above in order 3. sudo apt-get install gtk+-2.0 4. Download, unpack, verify: pinentry-0.8.3, do the steps in 2 for pinentry only 5. Download, unpack, verify: Gnupg-2.0.25 6. Do step 2 for Gnupg-2.0.25 only 6. This is garaunteed to pass all 28 tests on a virgin install of Ubuntu 14.04 and should work on your actual working Ubuntu install with other versions of Gnupg present. Now I ask the help of the group. I have been unsuccessful in doing the same for the beta version of Gnupg-2.1. Simply installing npth, libpg-error, libgcrypt, libksba, and libassuan does not even come close to succeeding. npth requires LDAP that requires something called BerkelyDB that seems to be satisfied by sudo apt-get install libdb-dev, libdb++-dev (I think). Even then the compile limps along and fails 27/29 tests. If anyone has succeeded in doing this reproducibly on a virgin Ubuntu install I would appreciate seeing the detailed steps (and I'm sure others would too). Hopefully yours, Sandy -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlPoTPoACgkQUVKxkWZz2Q1YrgP/ZYW/N9FwspI47k7b2K3XfjeG vhp5yS6GJygUGPNkhl849yjMQ65dIRmGBMiHJE8Eb8+B9VSm7UbpgLRDz/GeTERm OhStGvxGsS7Xh4YHN9Zwu0l2UbR2F1DzK3UFI1U8ZFcuxFAFxwjhNYQWU7DlTRes CXpQbIa8ovn7Fd4V5b8= =PgmO -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gnupg-2.1 Install
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thank you Werner, you are right about npth. The dependency call came when ./configure of Gnupg-2.1 was attempted. Then comes the message *** You need a LDAP library to build this program. I am getting closer! After sudo apt-get install libdb-dev and sudo apt-get install libdb++-dev, Openldap-2.4.39 installs without error, provided I use the four commands: ./configure, make dependencies, make, sudo make install. Then after sudo apt-get install gtk+-2.0, install pinentry, and installing Gnupg-2.1, all tests pass until it hangs on whatever follows the test: detachm.test. It also seems to hang on --gen-key once the proposed password is accepted. But I am hot on the trail. Unless someone beats me in revealing a successful gnupg 2.1 install on a new Ubuntu 14.04 environment I will keep trying. Getting there, Sandy -BEGIN PGP SIGNATURE- Version: GnuPG v1 iJwEAQECAAYFAlPpCuEACgkQUVKxkWZz2Q1u5QP/cL/xnGeKepvDmk9FW7AnIPxQ rpfr8OJqK+dh7/QvvMo/Y9C++rVC88/1gqdEdJE+qd5SfawOEBd+6WNUJVvYpS6s yABkk6dfxtf6OMGgB62cP/4HKdqVl392A9vJA11m1mXDyUzyKjunmQgjt9YG8Tz7 wV0i4JK17I0OcDe9yRw= =NrXZ -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Someone has harvested my address
On Sun, 2008-09-07 at 09:38 -0400, Bill Royds wrote: On 7-Sep-08, at 05:50 , Phil Reynolds wrote: It seems that somebody has harvested this address, as I received an off-list spam to it. If you have added that address to a public PGP key server, that will be the reason. spammers have been harvesting key servers within the pgp.net domain for several years. +1 you email address maybe available to anyone who checks keyservers. http://pgp.mit.edu:11371/pks/lookup?search=Phil+Reynoldsop=index though this particular addy isn't here, doesn't mean it's not somewhere. Frank -- gpg id EB547226 Revoked Forgot Password :( aMSN: Frankly3D http://www.frankly3d.com signature.asc Description: This is a digitally signed message part ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
