Re: :-(( Re: smart card no longer works
On 10/09/16 14:27, Philip Jackson wrote:
> On 10/09/16 06:27, NIIBE Yutaka wrote:
> > I don't have any experience with this error behavior. Please describe the situation and the interaction; Did you input passphrase and push [OK] button, and then gpg failed? Please try again with pinentry-curses and/or pinentry-tty. Does it work?
>
> I don't think the pinentry is the problem. I have tried several versions and no matter if I enter the pin via dialogue box or on the command line, the result is the same. I verified the pin using gpg --card-edit & it is ok.
>
> I think the problem must be more connected with how I introduced my secring and pubring to the new distro installation when I installed ubuntu 16.04
>
> I have tried reverting to my old secring.gpg file from before starting with the smartcard (back in 2014), the one with the full key and not the 'stubs'. This enables me to run the file decrypt command but of course I have to enter the old full passphrase rather than the six digit pin of the smartcard.
>
> Philip
>
> ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

This sounds like a bit of an issue I had with my Omnikey 38xx. I had a similar issue, where it always claimed the pin was wrong. I installed the omnikey drivers and then restarted PCSD. But I was using the pinpad on the device itself. Maybe your issue is different, depending on your hardware.

Regards,
Tristan

--
Tristan Santore BSc MBCS TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net
Former Thawte Notary (Please note: Thawte has closed its WoT programme down, and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at: tsant...@fedoraproject.org
Re: Update
On 26/11/14 20:53, da...@gbenet.com wrote:
> On 26/11/14 19:52, Tristan Santore wrote:
> > On 26/11/14 19:37, da...@gbenet.com wrote:
> > > Hi Al,
> > >
> > > As so many have been aware, I tried LUbuntu amd64 LXDE with Thunderbird and Enigmail - which singularly failed to sign or even encrypt. I may add that Kleopatra Kgpg GPA also failed to work. As some of you are stuck with the mind-set that the earth is flat eg Oh it works for me therefore it works for everyone else is delusional. As stated I'd not ask 98 per cent of you to change a light bulb.
> > >
> > > I have now installed Debian release (wheezy) 64-bit and icedove 31.20 with Enigmail 1.72. Considering that icedove is Thunderbird and the same version as is Enigmail - I am at a loss to explain the failings. I just copied folders and files over with no problems.
> > >
> > > David
> >
> > So, does this mean it works now or not ?
> >
> > David, with the deepest respect, you are not very good at providing the correct information you have been asked for, namely detailed steps, detailed failure messages, detailed versions of your packages/distributions. This is going to be my last response to you, if I feel that you are not providing the correct information.
> >
> > Further, just because somebody renames and rebuilds something, does not mean it is THE SAME as the original. The Debian folks might be applying patches, as we do in Fedora and Red Hat/CentOS. That is the thing with free software, just because something sounds or looks similar, does not mean it is! Hence, the requirement for detailed package names and versions and distribution versions.
> >
> > Werner, I know I know!
> > Regards,
> > Tristan
>
> Tristan,
>
> It all works on Debian - Fedora-16 64-bit well no and LUbuntu LXDE 64-bit no. And it's not LXDE - LUbuntu - is it a kernel issue? Maybe I could never find out. Considering that Kleopatra Kgpg GPA Thunderbird Enigmail ALL Failed - it points to a kernel issue.
>
> As happens on this list when people point out that something's not working - those with very limited intelligence start bleating as if we are completely ignorant of what we do.
>
> Anyway, I keep away from Fedora - a dodgy system as now I keep well away from LUbuntu 64-bit. Not all Linux Distros work. Not all Linux applications work. This is a fact of life.
>
> David

Fedora is not dodgy! We only support Fedora for 2 releases + 1 month! Stop using unsupported distributions then. Quite an ignorant statement to make. And that is the last I am writing.

Tristan
Re: The Facts:
> # address (in the u...@example.com form), and there are no
> # u...@example.com keys on the local keyring. This option takes the
> # following arguments, in the order they are to be tried:
> #
> # cert = locate a key using DNS CERT, as specified in RFC-4398.
> #        GnuPG can handle both the PGP (key) and IPGP (URL + fingerprint)
> #        CERT methods.
> #
> # pka = locate a key using DNS PKA.
> #
> # ldap = locate a key using the PGP Universal method of checking
> #        ldap://keys.(thedomain). For example, encrypting to
> #        u...@example.com will check ldap://keys.example.com.
> #
> # keyserver = locate a key using whatever keyserver is defined using
> #             the keyserver option.
> #
> # You may also list arbitrary keyservers here by URL.
> #
> # Try CERT, then PKA, then LDAP, then hkp://subkeys.net:
> #auto-key-locate cert pka ldap hkp://subkeys.pgp.net
> david@laptop-2:~$
>
> I had the same problem with Fedora-16 64 bit. All these people who keep saying they have had no problems do not make any contributions at all. I don't care if your system works - mine does not. The question is why on a Ubuntu LXDE 32 bit laptop my keys work - and on a Ubuntu LXDE 64 bit laptop I can not sign I can not encrypt?
>
> My private key was created and signed on a 32 bit Linux system - which fails to do anything on a 64 bit system. And when I don't install gpg2 I only now get one problem bad passphrase. These are real facts of life that am having to deal with.
>
> David

David, you really need to get into the habit of mentioning exact version numbers, and produce some output, as you see it in the shell. It is virtually impossible to help anyone without further information.
Regards,
Tristan
Re: Why the software is crap
On 14/11/14 13:24, da...@gbenet.com wrote:
> On 14/11/14 11:55, Martin Behrendt wrote:
> > On 14.11.2014 at 12:41, da...@gbenet.com wrote:
> > > Hello All,
> > >
> > > I even tried exporting my private and public key from the command line and then tried importing. The same error message as before. I have checked on the internet - most of the suggestions are crap - the authors have never ever tried to do what they suggest others to do. If they had done so then they would have known just how crappy their supposed expertise was. I have even looked through https://www.gnupg.org/faq/GnuPG-FAQ.html and found this to be a useless pile of crap also.
> > >
> > > I am faced with two options:
> > > (1) Create yet another set of keys
> > > (2) Give up using gnupg after some 20 years
> > >
> > > I think I will unsubscribe from this list and give up on gnupg as a pile of crap.
> > >
> > > David
> >
> > I think unsubscribing is the best thing you can do. Because you probably successfully destroyed the good intention and motivation of anyone helping you, with the offending nonsense you wrote in your last mails. If you are angry just shut up and write again after you cooled yourself down.
> >
> > The problem is more likely with you because there are not many people reporting such problems. And I can tell from my own experience that it is not even a problem copying the content of the gnupg directory between windows and linux. Tried that successfully.
> >
> > Maybe you should read the FAQ again (and try to understand what is written). Maybe there is a difference between exporting the public part of a key and the private part.
> >
> > Anyway, enjoy your life.
> >
> > Martin
>
> Martin,
>
> I have cooled. You can export your private key - you can export your public key. You can import your private key you can import your public key. In 20 years I have always had the same problem - the same error message and have each time created a new set of keys. I have done this 4 times.
> I notice that no one on this list - for all the talk of oh I've done it can offer no practical information as to HOW. No one. No one. No one knows how to do this simple task. In all my 20 years I have never found out how. Perhaps things are different under a Windows O/S but on Linux there is NO SOLUTION. Perhaps the only solution is to import one's private and public keys and lose all your contacts - ie a brand new installation.
>
> But I repeat BUT no one has ever created a mirror image of a .gnupg and had a fully 100 per cent working signing and encryption functionality. No one. There are no real practical solutions written anywhere on the internet. There is nothing of any value in https://www.gnupg.org/faq/GnuPG-FAQ.html - there never was in all the 20 years of reading it.
>
> Sure you can moan criticise me for my getting frustrated - and you can all moan and cringe and all withdraw your support - BUT NO ONE HAS EVER OFFERED ANY PRACTICAL USEFUL ADVICE THAT WILL ENABLE ME TO TRANSFER MY KEYS AND HAVE THEM WORKING CORRECTLY. NO ONE. NOT EVEN YOU.
>
> You are offended? Why? It is an easy thing to do is it not to moan about what and how people express themselves - yet you completely ignore the real issue. You ignore it because you can offer no real meaningful solution. As I have said no one has ever successfully transferred their public and private keys between machines and got them to successfully work. That's a real fact. And no one on this list has any practical solutions that work in the real world. That's a fact. The fact is no one on this list has ever done it with 100 per cent success. That's a fact. There is no practical advice on the internet. That's a fact.
>
> David

David,

I am pretty sure I have seen advice on how to backup and restore your keys, if not on this list, in the countless smartcard how to. I must admit I have not followed previous threads from you, but you must admit and be fair, that generally most people here are friendly and supportive.
But I have seen the topic come up a few times, so maybe this is a security versus usability issue ? But again, I have not followed exactly what your problem is. Just wanted to point out that most people are reasonably helpful and friendly. Labelling gnupg as crap is, not exactly a fair assessment I think, and falls within the lines of labelling selinux crap, because people do not understand it/are confused by what is going on.

Anyway. I hope you work it out in the end and I am sure, somebody will be willing to nudge you in the right direction.

Regards,
Tristan
Re: Why the software is crap
On 15/11/14 00:11, Michael A. Yetto wrote:
> On Fri, 14 Nov 2014 23:28:49 +0100 Heinz Diehl htd...@fritha.org wrote:
> > [ASCII art with the caption: Please don't feed the troll]
>
> It was starting to look like Usenet in here. On a group that I frequent we (TINW - There Is No We) had a nearly three year campaign by a troll end recently. His technique was to ask for help on multiple problems and then claim that the solutions offered didn't work on Linux, but weren't even needed on Windows.

We call those people, time waster trolls in IRC land.

Regards,
Tristan
Re: Unsubscribing temporarily
On 12/11/14 15:20, Charly Avital wrote:
> Hi,
>
> for health reasons I am unsubscribing for the time being. I shall subscribe again in due time. My apologies to the list.

Charly,

No need to apologize. Just sign up again when you are better. And, I hope and am convinced, that I can speak for the whole list/team, we wish you all the best and hope you get well soon. All the best.

Regards,
Tristan
Re: smart card under linux
On 21/10/14 14:10, Philip Jackson wrote:
> On 21/10/14 12:59, Tristan Santore wrote:
> > On 20/10/14 23:36, Philip Jackson wrote:
> > snip
> > > going under my UbuntuStudio 1404 linux. Using gnupg2 2.0.26.
> > >
> > > Trying to use the GnuPG driver to access CCID cards, gpg2 --card-status yields the following output :
> > >
> > > gpg: selecting openpgp failed: Card error
> > > gpg: OpenPGP card not available: Card error
> > >
> > > I've followed, I believe, all the instructions in the gnupg.com smartcard howto. In para 2.3.1 CCID : I've tried both the instructions under 'with udev (preferred installation)' and further down 'with hotplug (deprecated in modern systems)'
> > >
> > > In the /etc/udev/rules.d/ directory there is a README which says that symbolic links should not be used in Ubuntu (unlike Debian) so I placed a copy of gnupg-ccid.rules directly in that directory. But that didn't help.
> > >
> > > lsusb shows that the SCM card reader is recognised and present but gpg doesn't seem to be able to make contact. I'd appreciate any ideas for what to try next.
> >
> > Philip,
> >
> > Further, to the previous question, which distribution are you currently using ? There is a locking issue in Fedora with pcscd. I have not had time to dig deeper yet, but libvirt and some other binaries appear to be blocking the card.
>
> I'm using UbuntuStudio 1404 - one of the Ubuntu flavours.
>
> Practically all I know about smart cards is from the GnuPG smartcard howto on gnupg.org website. There, it makes reference to 'Two standard protocols are used by GnuPG to access card readers.' and then proceeds to cover CCID in some detail with three apparent alternatives being detailed.
>
> It then treats the other protocol, PC/SC, but all it says is TODO - To use PC/SC make sure you disable CCID by passing the --disable-ccid option to GnuPG.
>
> From this I assumed that CCID was perhaps either preferred / more important / more useful / or more modern so I didn't touch anything about PCSC and this means that pcscd is not running on my system. Is this a major error on my part ?
> Philip

Find out where your library for libpcsclite is, then run lsof on it like below:

lsof /usr/lib64/libpcsclite.so.1.0.0
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
libvirtd 3461 root mem REG 253,247896 1081788 /usr/lib64/libpcsclite.so.1.0.0
pcscd 3462 root mem REG 253,247896 1081788 /usr/lib64/libpcsclite.so.1.0.0
upowerd 3606 root mem REG 253,247896 1081788 /usr/lib64/libpcsclite.so.1.0.0

You will probably get output similar to this. Then you can kill the pids, of the processes that are blocking the card. However, as I said, add systemctl restart pcscd as a sudo option, which should be much easier and not interfere with the other processes.

I hope this helps.

Regards,
Tristan
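The check described in the message above (which processes besides pcscd have libpcsclite mapped), as an added example that is not part of the original post. It reads lsof's machine-readable `-F pc` field output rather than the column layout; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list every process that has
# libpcsclite mapped, apart from pcscd itself, using lsof's field output.
# Function names and the sample data below are constructed for illustration.

# holders_except NAME
#   Reads `lsof -F pc` output on stdin. In that format each process set
#   starts with a "p<PID>" line followed by a "c<COMMAND>" line; any other
#   field lines (for example "f<FD>") are ignored.
#   Prints "PID COMMAND" for every process whose command is not NAME.
holders_except() {
    awk -v keep="$1" '
        /^p/ { pid = substr($0, 2); next }
        /^c/ { cmd = substr($0, 2)
               if (cmd != keep && pid != "") print pid, cmd
               pid = "" }
    '
}

# Constructed sample in `lsof -F pc` form, mirroring the three processes
# named in the message (libvirtd, pcscd, upowerd).
sample_lsof_fields() {
    printf '%s\n' p3461 clibvirtd fmem p3462 cpcscd fmem p3606 cupowerd fmem
}

# find_pcsclite: locate the shared library through the linker cache, since
# its path differs between distributions (/usr/lib64 on Fedora in the post).
find_pcsclite() {
    ldconfig -p 2>/dev/null | awk '/libpcsclite\.so/ { print $NF; exit }'
}

# report_holders [LIB]: run the check against the live system.
report_holders() {
    lib=${1:-$(find_pcsclite)}
    [ -n "$lib" ] || { echo "libpcsclite not found" >&2; return 1; }
    # lsof exits non-zero when nothing has the file open; not an error here.
    lsof -F pc -- "$lib" 2>/dev/null | holders_except pcscd
    return 0
}

case "${1:-}" in
    --sample) sample_lsof_fields | holders_except pcscd ;;
    --live)   report_holders "${2:-}" ;;
esac
```

Run with `--live` (as root, to see other users' processes) to check the local system; restarting pcscd, as the message suggests, is less disruptive than killing the listed processes.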
Re: scute for fedora, is it in the repos?
On 26/09/14 20:19, Paulo Lopes wrote:
> Hi,
>
> I was thinking to jump the boat, from Ubuntu to some other distro, a bit more free, I was considering one of the two:
>
> * Debian
> * Fedora
>
> I am quite comfortable with Debian since I've used it since ~2001 but on my laptop I'd like to have a more recent DE and Debian 8 is still a bit far away...
>
> So Fedora seems to be the best candidate with all GnuPG packages needed for my smartcard, however I don't seem to find anywhere the Scute project. Is it in the repos? or is it part of some other package which i cannot find (since my rpm skills are quite rusty).
>
> Cheers,
> Paulo

It is not packaged, but you can unpack a debian binary and abuse that. Hope that helps.

Regards,
Tristan
Re: passphrase recovery
On 05/09/14 00:13, Parker Boxell wrote:
> Hello,
>
> I am contacting you because I need help recovering my passphrase. is there any way to accomplish this? Basically my laptop screen broke now and I need to decrypt my word file that has my product keys but I cannot remember for the life of me what it is and have spent countless tries on the two phrases i think it is, and I am unable to change my passphrase due to the fact I no longer know it. here are my details.
>
> User Name: Parker Kane Boxell parker131...@gmail.com
> Key ID 5E2A6915
> Fingerprint 6887 7FCA 1BCB 8851 1A66 26CA 7C98 3024 5E2A 6915
> Expires at: never expires
> owner trust: ultimate
> key validity: fully valid
> key type: RSA-2048 bits
> Created at: 2014-06-02

The whole point of using crypto is, to make it virtually impossible to retrieve your password for your key. Unless you can think of a keyword or something else that made up your pin/password, I would say it is virtually impossible, unless you made a fundamental mistake, such as using a very short password.

Regards,
Tristan
Re: Smart Card 4096 Key Question
On 01/09/14 15:18, Philip Jackson wrote:
> On 01/09/14 08:16, Werner Koch wrote:
> > On Sun, 31 Aug 2014 23:27, tristan.sant...@internexusconnect.net said:
> > > Yes the card can have a 4096bit Auth, Sign and Encryption key. You have
> >
> > Correct.
> >
> > > to generate them on a machine though, not on card.
> >
> > The cards generate them just fine. Note that this is only true for the ZeitControl as currently distributed. Thus the warning note you see if you use a different key size than 2048 bit.
>
> I tried to buy an SCT3512 usb key device from Amazon.de and also from SCM in Germany. Neither will ship to an address outside Germany.
>
> I tried the shop at kernelconcepts.de for the card but I can't get into their website with Firefox under linux nor under windows - I just get a weird error page :
>
> Fatal error: Call to a member function add_current_page() on a non-object in /var/www/osc/catalog/includes/application_top.php on line 318
>
> It looks like security is alive and doing well in Germany. I thought we had something going for us in Europe these days but apparently not.
>
> Can anyone suggest a supplier in Europe who will sell outside his frontier ?
>
> Philip

Johnathan,

How far into the shopping process ? My cart fills fine here. That is regarding kernel concepts. Don't they also do a card reader ?

Anyway, I tried loads of places within the UK, not much luck, then just bought an Omnikey, but my pinpad never worked until somebody made a patch. Seems to work fine now. Although 2.0.19 broke it I think or fixed it. I cannot recall, which one broke and then which fixed it again. ;-D

Maybe you could contact a supplier and ask them how much they would want, if they order one for you. However, then they will charge you RRP as a bare minimum, probably more, as you asked them for it.

Regards,
Tristan

P.S: Maybe choose another model ? Which is more widely available ?
Re: GnuPG 2.0.21 install - AIX
On 06/08/14 23:11, Ashok Boppana wrote:
> Hello Team,
>
> My name is Ashok Boppana and I'm trying to install GnuPG 2.0.21 software on my AIX P520 machine which is running on AIX 7.1 operating system. I'm following the install steps as per the document but getting an error which I don't understand. Could you pl take a look at the install steps I followed from the attached document and help me with the install?
>
> This is my first time using this software and I'm not sure if there are any other packages I need to install before following this process, pl let me know, Also, pl let me know if this software is compatible with AIX or not and any alternative if not compatible.
>
> Thank you so much for your time. Have a great day!!
>
> Regards,
> Ashok
>
> E-Mail to and from me, in connection with the transaction of public business, is subject to the Wyoming Public Records Act and may be disclosed to third parties.

Ashok,

Quick glance here, tells me you have no compiler installed or it cannot find it. I do not use AIX. I suggest you find out where to obtain a compiled compiler package. Maybe the path for the compiler is wrong too ? Symbolic link might help there, in that case.

Regards,
Tristan
Re: help needed getting gnupg to function correctly in linux
On 20/06/14 08:03, Bernhard Reiter wrote:
> On Wednesday 18 June 2014 at 19:04:16, Philip Jackson wrote:
> > It appears to me (in all my ignorance) that there is a problem connected with gpg-agent and PINentry. The Synaptic Package Manager shows that I have gnupg-agent v.2.0.22-3ubuntu1 installed.
>
> Check if you have a functional pinentry package installed. It may come in an extra package, e.g. try to install pinentry-qt4
>
> A simple test if pinentry works:
>
> pinentry
> OK Your orders please
> getpin
> D asdf
> OK
> bye
> OK closing connection
>
> Next check if your agent can do it.
>
> gpg-agent

Philip,

I suggest you contact the package maintainer for Ubuntu's GNUPG2 packages. I have just recompiled Fedora's locally and it fixed my issues with pinpad entry I was having. I was running 2.0.21 before. I will email the package maintainer in Fedora to ask him to roll another gnupg2, even if it is just sits in updates-testing for a bit.

If you are not using the pinpad entry on a pinpad based smart card reader, try setting the pinentry-program /usr/bin/pinentry-gtk-2 option (or whichever pin entry option you prefer), in a file called gpg-agent.conf, within the gnupg directory.

Hope this helps!

Regards,
Tristan
Re: fulldisc encryption
On 31/05/14 08:42, Johan Wevers wrote:
> On 31-05-2014 8:35, Mark Rousell wrote:
> > All that said, Free OTFE might be a good basis on which to continue development if the licence terms of TrueCrypt 7.1a turn out to be too restrictive to allow a successful fork.
>
> I think it is reasonably safe to simply ignore the TC license and just fork it. Distribute the forked version without any license whatsoever. Given the secretive nature of the author, he should, for a start, first have to prove he is the author if he wanted to sue you.
>
> 2 possible reasons for this action seem likely to me: personal reasons (he's tired of the project) or a gag order. In both cases the author is unlikely to sue.

https://github.com/bwalex/tc-play

On Fedora, yum install tcplay

Enjoy.

Regards,
Tristan
Re: Heartbleed attack on Openssl
On 09/04/14 14:17, Sam Gleske wrote:
> On Tue, Apr 8, 2014 at 11:01 PM, Felipe Vieira fmv1...@gmail.com wrote:
> > Dear GNUPG community,
> >
> > I think a lot of unexperienced users would like to know more about the Heartbleed problem found on some of the openssl versions. I have two broad questions and two specific questions:
> >
> > 1) Which type of clients have been compromised (consider an ordinary user)?
> > 2) Which common applications use openssl and are a potential target?
> > 2) Are firefox users compromised?
> > 3) Are RetroShare users compromised?
> >
> > Thanks in advance.
>
> For the most part it is service providers who are affected by the bug. There's a handy website to verbosely explain heartbleed. http://heartbleed.com/
>
> Affected services include HTTP, email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), databases (e.g. mysql), and pretty much any service that uses openssl TLS/SSL to secure transport of services if they're recently patched.
>
> Security notices for popular server distros...
> RHEL - https://access.redhat.com/site/solutions/781793
> Ubuntu - http://www.ubuntu.com/usn/usn-2165-1/
>
> CLIENT
>
> There's not much you can do at this point. Update your system packages and that's about it.
>
> SERVICE PROVIDER
>
> Essentially you want to take the following steps if you're a service provider.
>
> 1. Test for the vulnerability - http://pastebin.com/WmxzjkXJ it is also prudent to search for the affected package versions across all services.
> 2. If vulnerable patch the OpenSSL version of public front end services first. Patch backend services after the front end is secure.
> 3. Reissue SSL private keys and certificates. Since the leak exposes the private key it is no longer pristine.
>
> For the remaining more thorough steps of what to do see the heartbleed.org website which has a nice set of instructions.
It is imperative you revoke old keys! Not just reissue!

Regards,
Tristan
gpg: sending command `SCD PASSWD' to agent failed: ec=6.55
Dear All,

Has anyone seen this before, when trying to change pins or enter pins ?

gpg: sending command `SCD PASSWD' to agent failed: ec=6.55

Package versions:
gnupg2-smime-2.0.22-1.fc20.x86_64
gnupg2-2.0.22-1.fc20.x86_64

After downgrading to another version from our builders, namely,
gnupg2-smime-2.0.21-1.fc20.x86_64
gnupg2-2.0.21-1.fc20.x86_64
this problem is solved.

Do you want me to file this one on your bugzilla ? I would file it on ours, but then our poor triage people get to it, then the package maintainer and then it ends up with you anyway, so I may as well file it directly.

How can I assist you in providing you more output, so you can debug it ? If, of course, you want me to file this one.

Thank you.

Regards,
Tristan
Re: Multiple Subkey Pairs
, would make you rather biased. They do process any US email going in and out of the US, be it by US citizens or not. Also, quite frankly, all of such assurances are totally meaningless, as we in the UK (GCHQ), do that work for you and vice versa.

So, you see, the issue is not necessarily that the US government is spying on the German government, or the UK government, and they doing it on each other of course. The real issues are that they are

a. violating UK law or US law by sharing information or getting the other party to use that information, which at least in the UK is so unlawful, you would need 50 negative words to describe how unlawful that approach is (according to a former Intelligence and Security Committee member).

b. By intercepting any messages, by tapping into POPs or undersea cables you are by de-facto already obtaining communications content without warrants. Because of course that would make it almost impossible for them to gather information otherwise. They would be in court all day long.

Quite frankly though even Germany and many other European governments co-operate in intelligence matters by sharing data on their citizens. Mrs Merkel was only appalled that her Government's stuff was being spied on, quite frankly I do not think she particularly cares about German citizens or residents.

The fact is, now every citizen can communicate at will, with a lot of people at once, broadcasting their views without having a media organisation filter it, is scaring any executive in the world, be it China, Germany, the UK, Russia, the US or any other country you can think of.

Of course, all terrorists and organised crime people know they are being spied on. So, they already have changed their tactics, even way before Edward Snowden released the files. That is, not communicate via mobile phones, email, or written letter. We had a prime example here in the UK, where terror suspects, who later got convicted, met in a public park. And that is where they would talk, now the only reason they got caught is, because of the old traditional intelligence gathering methods aka actually surveying the actual targets.

Every time you hear politicians say mass surveillance stops terrorism without showing actual convictions, is rather laughable, especially if that surveillance covers national borders too.

Anyway, enough of this. Pointless discussion really. Only thing you can do is complain to your MP, Congressman/Woman, Member of the Bundestag or maybe even Landtag (Bundesrat), or who/whatever is responsible in your country. Or better yet, unlawfully spy on your politicians, by planting bugs in their constituent offices, tap their mobiles, send them malware, tap into their phone lines. Then broadcast all you found on the internet. Including their family affairs, potential conflicts of interest and corruption, including secret deals. They will love that I am sure.

Note: This is a bit of sarcasm! We are world renowned for that in the UK.

Maybe then they will wise up to why mass interception is not only wrong, but also yields very little real useful information.

Regards, Tristan
Re: Multiple Subkey Pairs
On 14/03/14 17:28, Robert J. Hansen wrote:
> > Totally off-topic. But that your father was a highly positioned judge, would make you rather biased.
>
> Sure, just like someone being German would make them pretty biased against Jews.
>
> What I just said was insensitive, offensive, and completely inappropriate. So, too, was what you just said. Grow up.

Haha. Unfortunately for you, I am not German, so I am not insulted. But I do know loads of Germans, which of course, with you making such statements, not only shows that you have a serious problem, if you have to offend people, just because you feel offended, but also shows how ignorant you are. Excusing your behaviour after is hardly a sign of maturity.

Unlike you, I based my statement on what you said in your email, namely, that you got information from your father, which makes it hear-say. Further, getting facts from a second party about a third party about information, that would fall under a piece of legislation, which permits nobody to even discuss it, makes such statements meaningless. Further adding your comments about intelligence matters, that you clearly can not have any knowledge of, does not qualify you to make any such statements. Hence, my statement about you being biased.

Further, all this discussion is quite meaningless anyway. Needless to say all this is totally off-topic, I just wanted to be sure that you got somebody else's opinion, as you were quite so dismissive about another person and their opinions on this list. I tend to side with people being bullied.

Now maybe we can get back to the perfectly legitimate issues regarding the use of sub-keys and the use of multiples of these.

Regards, Tristan
Re: Windows editor destroys gpg.conf
On 15/01/14 13:33, Jerry wrote:
> On Wed, 15 Jan 2014 14:02:12 +0100, Hauke Laging stated:
> > Hello,
> >
> > when I help Windows users create keys then my script converts the Linux version of gpg.conf (after some editing) to the Windows line endings. This works. But if I edit the file with the Windows editor (unfortunately I have forgotten the Windows version) then gpg crashes with an error message like error in gpg.conf:1.
> >
> > I have experienced that several times in the past already. Unfortunately I both don't have Windows at home and have forgotten to make a copy of the damaged file so that I cannot have a look at it. A wild guess is that the editor adds a UTF-8 BOM at the beginning of the file (but that wouldn't affect XP, would it?).
> >
> > Two concerns:
> > 1) Does anyone know what the problem is and/or whether I can avoid it by using another program which is part of Windows (or widely used)?
> > 2) Would it make sense to make gpg work with such config files...? 8-)
>
> Personally, I use PSPad to edit files from different OSs on a Windows machine. http://www.pspad.com. It can save in several different formats and styles. Plus, it is free.

unix2dos and dos2unix are your friends.

Regards, Tristan
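The BOM guess raised in this thread can be checked by looking at the raw bytes of the file. The sketch below is an added example, not code from the thread or from GnuPG; the helper names `inspect_conf` and `normalize_conf` and the sample bytes are constructed for illustration, and the line-ending handling mirrors what dos2unix/unix2dos do.

```python
import codecs

# Byte-order marks a Windows editor may prepend when saving as "UTF-8" or "Unicode".
BOMS = (
    ("utf-8", codecs.BOM_UTF8),
    ("utf-16-le", codecs.BOM_UTF16_LE),
    ("utf-16-be", codecs.BOM_UTF16_BE),
)

# Constructed sample: two gpg.conf options saved with a UTF-8 BOM and CRLF endings.
SAMPLE = codecs.BOM_UTF8 + b"armor\r\nno-greeting\r\n"


def inspect_conf(data: bytes) -> dict:
    """Report byte-level features that can trip a line-oriented option parser."""
    bom = next((name for name, mark in BOMS if data.startswith(mark)), None)
    crlf = data.count(b"\r\n")
    lines = data.splitlines()
    first = lines[0].split() if lines else []
    return {
        "bom": bom,
        "crlf": crlf,
        "lf_only": data.count(b"\n") - crlf,
        "lone_cr": data.count(b"\r") - crlf,
        # What a byte-oriented parser would take as the first option name.
        "first_token": first[0] if first else b"",
    }


def normalize_conf(data: bytes, newline: bytes = b"\n") -> bytes:
    """Return BOM-free UTF-8 with a single, consistent line ending."""
    if data.startswith(codecs.BOM_UTF8):
        data = data[len(codecs.BOM_UTF8):]
    elif data.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        # The "utf-16" codec uses the BOM to pick the byte order and drops it.
        data = data.decode("utf-16").encode("utf-8")
    # Collapse CRLF and lone CR to LF, then apply the requested ending.
    data = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return data.replace(b"\n", newline)


if __name__ == "__main__":
    print("before:", inspect_conf(SAMPLE))
    print("after: ", inspect_conf(normalize_conf(SAMPLE)))
    # Pass newline=b"\r\n" to keep Windows endings, as unix2dos would.
```

With a BOM in place the first option name no longer starts with its own first letter, which would fit an error reported at line 1 of the file.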
Re: 2.x
On 22/12/13 17:24, Uwe Brauer wrote:
> K == K Raven m...@kairaven.de writes:
> > Hi,
> >
> > I'm using Kubuntu (13.10) too and because many packets depend on gnupg, I use the Alternatives system to leave gnupg1 installed and use gnupg2 in parallel. You can see that on http://wiki.kairaven.de/open/krypto/gpg/p/gpg4#linux (in German, but the commandos are readable). Sure, you must repeat the steps after gnupg updates. Alternatively (at the end of the chapter), you can rename the gnupg1 binaries and make symlinks to gnupg2, but I don't like that.
>
> Thanks, since I am German, I can read this document :-D

You being German has nothing to do with the fact you can read it. I am British, I can also read it. ;-p

Regards, Tristan
Re: Any future for the Crypto Stick?
On 01/12/13 17:01, Josef Schneider wrote:
> Einar Ryeng wrote:
> > Hi.
> >
> > The GPF Crypto Stick has been unavailable for months now, and I wondered if anyone here has information on its future. Any news on the crypto stick (or similar initiatives) would be appreciated.
>
> I just use an OpenPGP Card in a small gemalto stick reader. AFAIK in the Crypto stick they just soldered an OpenPGP card in, so it is basically the same!

You might want to check out the Yubikey guys. They make a yubikey with an openpgp applet.
https://www.yubico.com/2012/12/yubikey-neo-openpgp/
And the applet code is here:
https://github.com/Yubico/ykneo-openpgp

Some people should peer review this stuff though. At least the code is FOSS. I would still prefer an openpgp card though mainly because I trust a German company more, than a business that also might be harassed by the US Government. However, if there is no other way to connect a device like a card reader, then maybe this would offer an alternative.

As Bruce Schneier said, FOSS is harder to manipulate, so that is a good thing, and also he warns of US (non US) influence on proprietary companies. To be honest, I think one now has to take any US business with a pinch of salt. This of course also applies to other businesses, which are not located in the US. All depends on the legal situation and the willingness of companies to abuse their position, because they are being lobbied by governments. The usual, do this or we won't offer your products for tendering in the public sector (government departments), or worse threats where laws allow that. Or just plain stupidity, thinking they are doing the right thing, believing all the rubbish they have been fed.

Regards, Tristan
Omnikey 3821 with OpenPGP Card and Pin Pad Entry
Dear All,

I have finally had time to play with the Omnikey 3821 and my OpenPGP cards. Yesterday, I somehow managed to get the Omnikey reader to accept pinpad entries. I suspect it was the enable-pinpad-varlen option in ~/.gnupg/scdaemon.conf, which did this. This worked for setting the password on card, but would not accept the password for an Auth Key I generated, that is expert mode then deselect (E) and (S) to leave the (A)uthentication bit.

When I now set the enable-pinpad-varlen I keep getting:

debug1: Offering RSA public key: cardno:00050
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
debug3: sign_and_send_pubkey: RSA da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
Agent admitted failure to sign using the key.
debug1: Trying private key: /home/blah.

Also, when I try gpg2 --card-edit, pinentry does not ask me to enter the pin, with the pinpad showing the request on the Omnikey's LCD screen. When I remove the enable-pinpad-varlen option from ~/gnupg/scdaemon.conf, pinpad-gtk pops up and asks me to enter the password.

Is there something I missed? It worked fine yesterday, minus the Auth pin issue. I was hoping to finally get there with the setup and be able to use the pinpad for pin entries.

Any insights of you all, would be most appreciated. If I can provide you with any further output, which might help, let me know how and what you need, and I will be most happy to oblige.

Thank you in advance.

Regards, Tristan
Re: Omnikey 3821 with OpenPGP Card and Pin Pad Entry
On 24/10/13 06:48, Tristan Santore wrote:
> Dear All,
>
> I have finally had time to play with the Omnikey 3821 and my OpenPGP cards. Yesterday, I somehow managed to get the Omnikey reader to accept pinpad entries. I suspect it was the enable-pinpad-varlen option in ~/.gnupg/scdaemon.conf, which did this. This worked for setting the password on card, but would not accept the password for an Auth Key I generated, that is expert mode then deselect (E) and (S) to leave the (A)uthentication bit.
>
> When I now set the enable-pinpad-varlen I keep getting:
>
> debug1: Offering RSA public key: cardno:00050
> debug3: send_pubkey_test
> debug2: we sent a publickey packet, wait for reply
> debug1: Server accepts key: pkalg ssh-rsa blen 535
> debug2: input_userauth_pk_ok: fp da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
> debug3: sign_and_send_pubkey: RSA da:c6:79:b0:59:46:ba:15:e2:9c:ea:4b:a7:50:fa:75
> Agent admitted failure to sign using the key.
> debug1: Trying private key: /home/blah.
>
> Also, when I try gpg2 --card-edit, pinentry does not ask me to enter the pin, with the pinpad showing the request on the Omnikey's LCD screen. When I remove the enable-pinpad-varlen option from ~/gnupg/scdaemon.conf, pinpad-gtk pops up and asks me to enter the password.
>
> Is there something I missed? It worked fine yesterday, minus the Auth pin issue. I was hoping to finally get there with the setup and be able to use the pinpad for pin entries.
>
> Any insights of you all, would be most appreciated. If I can provide you with any further output, which might help, let me know how and what you need, and I will be most happy to oblige.
>
> Thank you in advance.
>
> Regards, Tristan

To answer my own question!

After prodding around and searching for answers, this appears to be an issue with gnupg2.0.22. There is also a bug filed for it. I reverted back to an older version, albeit this one does something weird too. I will keep prodding that, until I get the error I had earlier, then send a new email about the issue, or file a bug, depending on what my findings are.

So, for now please ignore my previous email. Thank you.

Regards, Tristan