Re: PGP/MIME (Was: One alternative to SMTP for email: Confidant Mail)
Doug Barton dougb@dougbarton.email writes: On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote: Doug, Signature shows as an attachment signature.asc. No evidence that PGP actions were envoked. Work forces use of Synaptic PGP, so I cannot tell if it is verified or not. Thanks Bob, that is interesting feedback. FWIW, I have received various other messages privately from people who have said the same thing ... They can see the attachment, but either message verification fails, or there is no indication on their side that it is a PGP-signed message at all. I thought your signature was a joke :) -- Xavier. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [cygwin] gpg-agent with ssh support ?
Doug Barton dougb@dougbarton.email writes: On 3/12/15 2:59 AM, Werner Koch wrote: On Wed, 11 Mar 2015 18:23, dougb@dougbarton.email said: PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Because that integrates seemless with GnuPG. For example you can use your OpenPGP card (or other supoorted smartcards) for ssh. No need for the ssh-add kludge. And that would be a good reason, sure. But I don't get the impression that the OP has one of those. :) Exact but I plan to get one in a quite short time ;) I am just studying the smartcard market to choose a good one (any suggestion ? :)). Regards -- Xavier. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [cygwin] gpg-agent with ssh support ?
Doug Barton dougb@dougbarton.email writes: Otherwise, there is an easy way to solve your problem on the Windows platform, you should strongly consider it. I fear I do not understand. Did I miss something ? Off course I'd rather go the easy way ! :D Regards -- Xavier. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
[cygwin] gpg-agent with ssh support ?
Hi all, On my workstation, I have installed cygwin and GPG4win which is bundled with a version of gpg-agent (cygwin comes whith oldies and no gpg-agent AFAICS). I enabled ssh support in the gpg-agent.conf file as usual and I clearly see the socket files for both GNUpg and SSH. When starting a cygwin terminal and trying to decrypt one file using gpg --decrypt file.gpg, pinentry comes in and asks for my passphrase (and then cache it into gpg-agent). On the other hand, trying to add an identify file into the agent fails. It tells it can't connect to the agent. In fact, after hours of trial and errors, I gave up launching ssh-agent manually. Do you know a way to fix that and only use gpg-agent as my sole agent entry point for both gpg and ssh ? Regards -- Xavier. pgpAlX8HdwmSy.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [cygwin] gpg-agent with ssh support ?
Doug Barton dougb@dougbarton.email writes: On 3/11/15 3:15 AM, Werner Koch wrote: The standard ssh client on Windows seems to be Putty; you may use it with the native GnuPG for Windows (i.e. Gpg4win) by using the option --enable-putty-support instead of --enable-ssh-support. PuTTY also has its own agent support, which works quite well. I'm not sure why it's necessary to reinvent the wheel here. :) Still, one has to install a new piece of software but, in my case, it can be ok. So, just to be sure I understand: 1. install putty 2. put enable-putty-support into gpg-agent.conf 3. gpg-connect-agent reloadagent /bye 4. enjoy ? Regards -- Xavier. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to send a key to a keyserver?
Helmut Waitzmann ml.throt...@xoxy.net writes: So it's a problem with my http proxy? Seems like actually. -- Xavier. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: How to send a key to a keyserver?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello Helmut Helmut Waitzmann ml.throt...@xoxy.net writes: gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net --send-keys -- 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1 try without the -- stuff: gpg2 --verbose --keyserver hkp://pool.sks-keyservers.net --send-keys 72ABFF0923A87CF22D0ED7C4FDEE765D017077F1 and see how it goes. - -- Xavier. -BEGIN PGP SIGNATURE- iQQcBAEBCgAGBQJU8AaeAAoJEN4v/Iaa+lFl0qEgAKkMLssdiQNkUunotYfSMs1F ndPLNXOy3GuCyJJ2GGLE0RQv2OafBJ0xHc6WNWQD93CvSTY7GP2x8jIodAyb7Wbr 7Gp6fnmFCs+p8Lg4qjAynRkmiCZOD5yO/JMMAGeaBFkvMEMG+7alMDSso7fPqTJh TXZqrBviOCHevOruv5GILpswbGjBw+yZ4KwQYMtimwQE2Idv5okaD3eNysJms5Jq bYG+eSandfC8+yOPtGrxMB1pGWoZEdmWlhSe6rHxO/0jqKywEurFkQahotNMiCV/ +ZiD0r6pClQVfSPbXYOsrqbW2S0NeOhDVthLLSSgw+2FLVwqsgMZ6/xTsFd7gkqg u727aFSaLnUQD1XM7ml5TZMvbXBP3KUlJf5btqoJWuxbkeZJrLa+ydYWsr3M9iUx iGso86HTZ7uV4WJUgmybxhuT07XaUwyq8OEIiy2kNo/0WBK43al4RVacIbck9ZLP tVppW98+P1O0vmJcZb1iUakj2yYY+I5E+D3KSiOkLYd8i8ZcrsB0Pelcl1KXEi2X BUBMzJqIVcGBjCEKewORXs+NFndp/aYPQzYGvCFu34qnSGBJyKTGI9uZSRljGUTI QbAvIJB+KGYVoAjPajFPk8taEtN/8iNltMp/odqtSi8JY/JMYMDuz1sct4wxVmpQ dFjPhLkUKraZ6L+j8giPv8AzB4W8Sg3FVbUD0HZPbr3BcTPMDeozA4iAthoYIb3E m1NUHDKtRfnFkxBy1iMkhGsoVilUX8Zn03C3QS9py9ToyR7Xka3Clc2nSDE6wWC5 R28ORWk1tqETXjg8ndaIQcaW54+bRjoymUPzpgtvZmBV9+liwfJwwZPsGqklg9tF MTEqavBVPVOXu4j1bSrCiUQnhLMsXuvSg11Cl3MZuC7REDkOsHZstOXZTiMvhnXB 7ZXWyUn7Xx6PUYYlp/OJkg+2Qr9fRLikNvF9PZ0vuKmPxpbYoG6UJ2NKGvpGOMmr FjtPyEKJlYQWsdKf6w1PGJ/1+lVNzcwJkMh+Jz/YYVE0yH0cQDV2nINe3gVv+pyf V6s+zsaBa/RBJCYuA59U4tIDQFbBrbBTZ5IurIlGTIIB6xiG+SUaMW6nnswZQIwm rZFoK9VQyxKBPoj4OBEOQg2q0t3+hvBnQxI+hffCsx9QOcuN/WdnigEO/Khv2lXM xrRyZmCp79UJTNDI5TTy/ra+jjfmOVkHVd/o/fAkAVST3l2eRdGDcUXXoofbxcjj KajRybChjRF0yAPYkIts9FsoD0fLBP3uxrfO23Lzxz7Jwrzv6PaQulG/9rrXLWwU 9k96364Ldf3PaEZ9qIqRXqGx81IbHoxWgQt40BtrX86mZ+K7cMSXTMDTKHcvb7M= =Yuco -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Problem with PassPhrase in Batch.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Mark, Mark Walter mwal...@paragon-csi.com writes: I have a pass phrase that contains an exclamation mark (!). I can decrypt fine manually, however when I try to put this into a batch file, and pipe the the pass phrase to the gpg command to decrypt the file, it doesn't work. Could the exclamation mark be causing the problem? Also, is there a way, in a batch file to escape this character? Do you have any testcase I could try by my side ? I mean, how you put this in a batch file ? I also put an exclamation mark in my passphrase. Regards - -- Xavier. -BEGIN PGP SIGNATURE- iQQcBAEBCgAGBQJU8AJZAAoJEN4v/Iaa+lFlkcIf/ilD+vTRhjyW5ZigQ0mP06DW tEAApUFS6MIg8Hccp8QZm5qmTWUkhjvTD4wnbaCYmGDav5VG8PPokAyNwTJNDO7q 2K/WhSTlamIBnWFXXIZwO7LHl6T96oFmFvWsTUMG9+TaQhuEk4uAmKjAdeeS1J8K DWtVmWZaH/LEUxy2EFkRXCHxuo0o8W1V8rRSpNJXuGgKnVakBQP+aLJxsHpHqzKD ubnZkZ1Q/07WGrTzeH+kweyOt91qOmiwRfYXayiP3CS+9zD+1xQ813BoTCltKpBT KnLWEX6ui/o1X+FTGnFqPxH16vpATMbfTEqKLohE0Eg6asUbDKeTS8nOaogDJ98a N5tW8lkXEdnt7P/58kQt6BabmZ36G8gAcZyLak+DFOuj/BgNQIrXWW4a2HO6fZDQ 9ilKalWdQqDPJU3wdsCixggr55IZEBDe/PepvlKEcQUl1YfBQ/mfhhRtlssApv81 MgGX3ZqaweOEbSFMj4hkuYRQ4ir/x8g9IBq/VuN4naIJl21O6r6NZZjgnJSvBuXi IvyJAnlGfuAlRXBTDEzPqf+k8EQma8tLp84ZaOOdROAkg9uIkpMWpFD4QW/thAzY yjBi6ZZt4TZ7P8j3hVNgWCq1+qMPFH286/+6BqEZ0XdV73R+IAIXUoy+jAQRCUqU 3O81O+H12YOWKgjQKJx3mNU6YXMOEf5KqHJfm6X9JuRysoItaFYlrzaz2Sq0VV0i lPRvZefA5eSwOU59zTAbMGmIUGxBbTXoPIngV9NC6QWC27RZLsbwlhGcJB3sSzAx Mtgc0qsgPI4/Mg70qvMZ+9qQs0sA9M+53EAa1RnieI0hmcxdwoaG/ccQ3P+n+Zpj HZrCPbgQ3GircKoZddiI6xfLpDzopWQLezTZdYIymJFpmZuAZN7T1/xQAGbcSYKB 9BSZMavNniSsGCCr9c5PFpyeGz8B7YpmoqBBTIV50Cdg8S8TipvaigFpFc/Iqe0E 6eQlDMMUqdmtYn0Pk6ct2+90DYMHl7WhP3LH+DqhSeyOuJP7Lx6szdx38jJjE3q0 wBgK92zhTDvH+ipB4kpdK2vAiWnecP9jBHMABG/HpSFyGVSZszWmB+956NC2tCT6 rrUOteCmYlQLNdg6zn7smpR1inLdntmCiCm5LztMGUXupco6XmvcA8nOvMdif1Tv obXKCXta3oKeUHGJOtmBQyTyCh2+O/0IreJSmFvvbJKg/EXOCmQwMYm483juOKhi 4AZ6CPIj45Upz9woD20LFqx27V7bg6ohZ+amiCAgB1nLv7p8bj7FK6AR52VLUttf XLqxWdxOXGQlJQsJXECaaC1V0wioa5mGioeTOzx6CKmT3kyK/AEXPgccfrETfYk= =z+om -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Double sign a document
Hauke Laging mailinglis...@hauke-laging.de writes: Am Mi 18.02.2015, 21:29:40 schrieb Xavier Maillard: Just a quick question: do I need to have both keypairs in my keyring ? I mean both my old secret key and my new secret key. Of course. Would be strange if you could make a signature without the respective secret key. Arguably, I should have thought twice before posting :) Regards -- Sent with my mu4e signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Please remove MacGPG from gnupg.org due to serious security concerns
Hi Ville, Ville Määttä mailing-li...@asatiifm.net writes: I happen to use Mail so for a long time I’ve been using the GPGMail plugin with a brewed[2] upstream GnuPG. I.e. *just one of the things in the GPG Suite*. I’ve talked about this setup before in the thread [3]. If one doesn’t use Apple Mail there is no reason to use GPGTools at all. Thanks for that ! I thought I had to install it. So, I can drop it and install GPG via brew ? Regards -- Sent with my mu4e signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Please remove MacGPG from gnupg.org due to serious security concerns
Peter Lebbing pe...@digitalbrains.com writes: On 2015-02-19 18:16, Jonathan Schleifer wrote: I also like @ to hide useless output, but is downloading *and executing* from a remote location really something you should hide? Especially if everything else isn't hidden? I can understand you're pretty darn pissed off that they executed untrusted remote code on your computer, which, I think, explains why you're lashing out so strongly. And I also think that it was truly poorly designed. But I find your quest for bad faith on their part a bit far fetched... Never attribute to malice that which is adequately explained by stupidity.[1][2] By now, you should probably cool down a bit. I'd say you've made your point. I could not agree more ! -- Xavier signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Double sign a document
Hi Jesper, Jesper Hess Nielsen jes...@graffen.dk writes: gpg -u old keyid -u new keyid --clearsign keytransition.txt keytransition.signed2 woops, forget about the ' keytransition.signed2' part. Just running with --clearsign will give you a keytransition.txt.asc file automatically. Thnaks for that Jesper. Just a quick question: do I need to have both keypairs in my keyring ? I mean both my old secret key and my new secret key. Regards -- Sent with my mu4e signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Double sign a document
Hi, in order to announce my new GPG key I have written a key transition document. I am at the step where I should/must sign it with both keys (old and new one). I can sign (inline) my document using this: gpg --output keytransition.signed --clearsign keytransition.txt This works for one GPG key but how can I make it work twice ? If I do the same command but using my old key: gpg --default-key 0xold-key --output keytransition.signed2 --clearsign keytransition.txt then I should merge the signed files but when verifying, it just complains: gpg: Attention : conflit de hachage de signature dans le message gpg: Impossible de vérifier la signature : General error How am I supposed to achieve this ? How do you double (triple or even more) gpg-sign a file ? Regards -- Sent with my mu4e signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MIME or inline signature ?
MFPA 2014-667rhzu3dc-lists-gro...@riseup.net writes: My preference is Inline: I want everything right there in the message body where I can see it. Exactly what is it you feel the over powering urge to see? If the message text is covered by a signature, I want to see the signature. I would not accept a cheque where the signature was on an attached document instead of on the cheque. With PGP/MIME, even the message text itself is shifted out of the message body into an attachment. I quite agree with this statement but to do asame here, I should/must use a smaller key than my 8192R. I will probably generate a smaller subkey (2048R ?) and see how it works here. One more argument in favor of the inline: it questions my fellows; what are these cabalistic caracters and then you can what's the purpose of all of this. Regards -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MIME or inline signature ?
Peter Lebbing pe...@digitalbrains.com writes: On 2015-02-13 15:07, Brian Minton wrote: if you have a 4096 bit RSA key, please dont sign inline. The signature block is ridiculously long. You'll find it is actually even an 8192 bit RSA key. Yes sorry. I should add a smaller key for that purpose ... Regards -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MIME or inline signature ?
des-apare.cido...@autistici.org writes: Maybe I cannot offer a big rule for THE preferred way. Jerry is right, but maybe we HAVE to deal with recipients who have no influence to take a mail client which is capable to handle PGP/MIME sigbatures properly. Then it is also MY problem. I agree. With my PGP contacts I learned, that some can't handle PGP/MIME mails. The experience is, that the Addon Mailvelope (Firefox, Chrome) can't handle at all mails with attachment in PGP/MIME format. Also the Client K9 for smartphones. A compromise would be to set up per-recipient-rules in Enigmail to send inline mails to these contacts. This is getting over complicated just to the purpose it deserves. Sadly. -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
MIME or inline signature ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello, in my quest of the perfect setup, I am asking myself what is the prefered way to sign a message: inline (like this one) or using a MIME header ? Is there a big thumb rule to respect ? Regards - -- Sent with my mu4e -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iQQcBAEBCgAGBQJU3S03AAoJEN4v/Iaa+lFltkof/j3eXbkVpNETKZi8OXz9K+WX StI2wb3UczzBAJHfeBTPiTLRb+JOG2YvVSkEZ7VQauMK8lAzHzwpixT6eu3cNI6p z4IJXpuJd9Z6f7qOVD8/j3yeENe0929UGqcUyBK1+3Dzj7w+2Pae1R/6dSz8Hrhz 2e6q8J9HTq8O8mH5RdI44xXorMVNP7FEEpwBsqj7qzK/1kYGKnbsL6sI1VYdV/xy mtEoboOAe+Hi1fF8iVTOOIOHgJClInebMgeW6JvZOhPCzZde0OCYyd4elMbt0N0z JHEYutH3rMwMdQ1e+zNnSK9LWmtn4M470YwT9EERkw8x27HYWxRrPId2e2tF2pxp ATYyDZuVjt6Rj7JzW8Z/qOhlUgMbVRHIOPtBgLfcfSLayJXufjlri4C5U+HENbKL 0liAT2GPMTrDe23QuySn+UrFWgeX8gfnEso2eL4IiLjFsmF+CMOL3PIEpRMu1GGN pZ1RQdp9r3/JU4b6zwOEp2PtRglXIVriTtLvolf1MYQnUP7gFrlBzQe+Q8oaIB7y e8M9QbO373dsa2fMZcaAM8nSewA1xD7aUHSvrc+zDDh1Jj0bndbCMcriTX+0BPPI hxlErmONCJ2pfvfZhJInYaz8NO7S5QQM6YVTIrZSIchnuIPZ/KkRdOewcc2/krUi jCOkG5qxd0hg05duHI7R5SKvnLv6OSdU1qSNlyErgtnVGUw7xkRKCVFP0p0xF/Xz lCgztzoDeEaPSv01SavWz07ApEHh8LAS/PR4NZMQpSCACCLTho2IkgVfaQKlRBAJ awKp5hTIoh5mZlV58xF5gO/eHGjule26xBwOuaZhO29CBkeSNUF2LxsHHXduDtV2 llmsntJyPUvMOz4pXW2vyglmumnBK1QY4BlrkfY+VrwymyB67XPlDh0bbDATjKE6 g5WndMV2Bkgo9srpVYTrEcAD8iI/9kkzvMVvKaQYbJfrtvGbAlC+1KwrS1bET1Xu hPa3iJWImky8bY8mlSQP0rZBfQsej/7g5Da+TfvrEkWQ+QKG0XTPnEu7f/wbHjdU LQX8d16Z7dWY2aN0UTHI5zBObnuU/HjAKTGmMq8dhlGGXz5vL8Ru2Ssj1w8m8wv0 dfh+ysYFkkZlGMjeqRm/6S2LKnBrd/TCTHiczuZtZ85DSHHe/VyYKNc+VdwZH1wl dQBEUPG1CC3K6fGqzFP/nwqqN5PuzikP52177ICEx3VxuLwjU1esa+r2KJai7vCJ hvTpoyJhPlf5CTGaGZ8f2wkf5eRsXKVDstXV2FbgO9Jvkze9Uo+10oQ6XNntG/xi TTBnF6pFGsG8yrS1ecK/Oq2dSqif0g8cjjJ1SKUHhZr91pGWdr5X0UkmXjJIvP8= =KuOK -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MIME or inline signature ?
Robert J. Hansen r...@sixdemonbag.org writes: in my quest of the perfect setup, I am asking myself what is the prefered way to sign a message: inline (like this one) or using a MIME header ? Is there a big thumb rule to respect ? https://www.gnupg.org/faq/gnupg-faq.html#use_pgpmime THank you for this pointer. I effectively remember this point in the old days. I am glad the situation is getting better. Regards -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MIME or inline signature ?
Jerry je...@seibercom.net writes: On Thu, 12 Feb 2015 23:46:33 +0100, Xavier Maillard stated: Hello, in my quest of the perfect setup, I am asking myself what is the prefered way to sign a message: inline (like this one) or using a MIME header ? Is there a big thumb rule to respect ? Inline totally destroys a sig delimiter and adds a lot of useless garbage to the message body. I never use it. If someone is using an MUA that cannot handle PGP/MIME that is their problem, not mine. I agree. So I'll go for PGP/mime. -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Sign key with externalized master key
Daniel Kahn Gillmor d...@fifthhorseman.net writes: On Wed 2015-02-11 00:41:18 -0500, Xavier Maillard wrote: May I ask how one would sign public keys when a master key is stored onto an USB stick ? I followed instructions from [1]. Now I am in the process of announcing my key transition to all old signers *but*, as a last test, I just tested public signature with my master key and this is where troubles occur: LANG=C gpg --home /Volumes/FSF/.gnupg --recv-keys A KEYID gpg: WARNING: unsafe permissions on homedir `/Volumes/FSF/.gnupg' gpg: external program calls are disabled due to unsafe options file permissions gpg: keyserver communications error: General error gpg: keyserver receive failed: General error So what ? My USB stick is formated using extFat so permissions are something unknown. The fact that you're using a FAT volume is the root cause here; FAT filesystems do not have ownership or permissions, so when a modern OS mounts them, it has to fake permissions for these files. Thank you for this precision. Are you aware of some portable and well supported by the 3-major OSes filesystem type ? Regards -- Xavier signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Sign key with externalized master key
flapflap flapf...@riseup.net writes: Xavier Maillard: Daniel Kahn Gillmor d...@fifthhorseman.net writes: On Wed 2015-02-11 00:41:18 -0500, Xavier Maillard wrote: May I ask how one would sign public keys when a master key is stored onto an USB stick ? So what ? My USB stick is formated using extFat so permissions are something unknown. The fact that you're using a FAT volume is the root cause here; FAT filesystems do not have ownership or permissions, so when a modern OS mounts them, it has to fake permissions for these files. Thank you for this precision. Are you aware of some portable and well supported by the 3-major OSes filesystem type ? Since your issue only affects signing of other keys - which normally is not a daily scenario - what about using a GNU/Linux live system/CD/USB for that purpose? That way you can use a normal GNU/Linux supported filesystem and don't have to worry whether to trust your normal OS or which filesystem is compatible with all OSses you intend to use. Good catch. I did something close: refurbished and updated my old slackware GNU/linux system with FUSE exfat support. That does the job ! Thank you for your help. -- Xavier ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Sign key with externalized master key
Hello, May I ask how one would sign public keys when a master key is stored onto an USB stick ? I followed instructions from [1]. Now I am in the process of announcing my key transition to all old signers *but*, as a last test, I just tested public signature with my master key and this is where troubles occur: LANG=C gpg --home /Volumes/FSF/.gnupg --recv-keys A KEYID gpg: WARNING: unsafe permissions on homedir `/Volumes/FSF/.gnupg' gpg: external program calls are disabled due to unsafe options file permissions gpg: keyserver communications error: General error gpg: keyserver receive failed: General error So what ? My USB stick is formated using extFat so permissions are something unknown. Do you have any way to workaround that ? Or better, USB stick storage best practice ? My environment is very hetereogenous but I may only sign from my OS X machine so there can be a better choice than extFat I presume. I did something odd as a very short temporary workaround: umask 077; mkdir /tmp/_gpg-to-sign gpg --home /tmp/_gnupg-to-sign --import /Volumes/FSF/2015-02-09/{public+private}.gpg then did my keysigning. Thank you very much. Footnotes: [1] https://alexcabal.com/creating-the-perfect-gpg-keypair/ -- Sent with my mu4e ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users