Re: GnuPG 2.1 beta 3 released

2011-12-27 Thread Veet Vivarto
Sorry, my previous message was sent in error. Please disregard.
Thank you.

On Tue, Dec 27, 2011 at 4:42 AM, Veet Vivarto  wrote:

> Perhaps you find this relevant. I don't even begin to see why you are
> interested in this. But who knows.
>
> On Mon, Dec 26, 2011 at 9:42 PM, Werner Koch  wrote:
>
>> On Sun, 25 Dec 2011 19:00, nicholas.c...@gmail.com said:
>>
>> > It would be very good if there were still a way to completely 'sandbox' (for
>> > want of a better term) an instance of gpg, so that it uses its own key
>> > rings and trust databases.  I certainly find that for testing purposes it
>> > is very useful indeed.  On previous versions --homedir does this nicely.
>>
>> An easy way to do this is:
>>
>>  GNUPGHOME=/foo/bar gpg-agent --daemon sh
>>
>> and then do whatever you want in this shell.  If you are done, give
>> an exit and within a few seconds that gpg-agent will be terminated.  That
>> is how I do almost all tests.
>>
>>
>> Salam-Shalom,
>>
>>   Werner
>>
>> --
>> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>>
>>
>> ___
>> Gnupg-devel mailing list
>> gnupg-de...@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>>
>
>
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GnuPG 2.1 beta 3 released

2011-12-27 Thread Veet Vivarto
Perhaps you find this relevant. I don't even begin to see why you are
interested in this. But who knows.

On Mon, Dec 26, 2011 at 9:42 PM, Werner Koch  wrote:

> On Sun, 25 Dec 2011 19:00, nicholas.c...@gmail.com said:
>
> > It would be very good if there were still a way to completely 'sandbox' (for
> > want of a better term) an instance of gpg, so that it uses its own key
> > rings and trust databases.  I certainly find that for testing purposes it
> > is very useful indeed.  On previous versions --homedir does this nicely.
>
> An easy way to do this is:
>
>  GNUPGHOME=/foo/bar gpg-agent --daemon sh
>
> and then do whatever you want in this shell.  If you are done, give
> an exit and within a few seconds that gpg-agent will be terminated.  That
> is how I do almost all tests.
>
>
> Salam-Shalom,
>
>   Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>
>
> ___
> Gnupg-devel mailing list
> gnupg-de...@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>


Re: GnuPG 2.1 beta 3 released

2011-12-26 Thread Werner Koch
On Sun, 25 Dec 2011 19:00, nicholas.c...@gmail.com said:

> It would be very good if there were still a way to completely 'sandbox' (for
> want of a better term) an instance of gpg, so that it uses its own key
> rings and trust databases.  I certainly find that for testing purposes it
> is very useful indeed.  On previous versions --homedir does this nicely.

An easy way to do this is:

  GNUPGHOME=/foo/bar gpg-agent --daemon sh

and then do whatever you want in this shell.  If you are done, give
an exit and within a few seconds that gpg-agent will be terminated.  That
is how I do almost all tests.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
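
Added example, not part of the original message and not GnuPG project code: a small wrapper around the `GNUPGHOME=... gpg-agent --daemon` approach described above, which also covers the separate-agent setup asked about in the 2011-12-25 message. It gives every test run a fresh private home directory and removes it afterwards; the function names and the `gnupg-test.` directory prefix are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: run a command with a throwaway GnuPG home and its own agent.
# Function names and the "gnupg-test." prefix are hypothetical; GNUPGHOME and
# "gpg-agent --daemon COMMAND" are the mechanisms named in the message above.

# Create a private home for keyrings, trust database and the agent's key store.
make_gnupg_sandbox() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/gnupg-test.XXXXXX") || return 1
    chmod 700 "$dir"    # owner-only, whatever the umask or mktemp defaults are
    printf '%s\n' "$dir"
}

# Delete a sandbox, refusing any path that does not look like one of ours.
remove_gnupg_sandbox() {
    case "$1" in
        */gnupg-test.??????) rm -rf -- "$1" ;;
        *) echo "refusing to remove '$1'" >&2; return 1 ;;
    esac
}

# Run "$@" under a dedicated agent; the agent goes away once the command exits.
run_in_gnupg_sandbox() {
    command -v gpg-agent >/dev/null 2>&1 || {
        echo "gpg-agent not found" >&2
        return 127
    }
    sandbox=$(make_gnupg_sandbox) || return 1
    # Subshell: the caller's own GNUPGHOME (production keys) is left untouched.
    (
        GNUPGHOME=$sandbox
        export GNUPGHOME
        unset GPG_AGENT_INFO    # ignore any agent advertised by the parent shell
        gpg-agent --daemon "$@"
    )
    rc=$?
    remove_gnupg_sandbox "$sandbox"
    return "$rc"
}

# Usage, with the binary name used elsewhere in this thread:
#   run_in_gnupg_sandbox gpg2 --list-secret-keys
```

Keys imported or generated inside the wrapped command exist only in the sandbox directory and are deleted with it.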




Re: GnuPG 2.1 beta 3 released

2011-12-25 Thread Nicholas Cole
On Friday, December 23, 2011, Werner Koch  wrote:
> On Fri, 23 Dec 2011 19:29, nicholas.c...@gmail.com said:
>
>> How will this interact with the --homedir option?  Will --homedir be
>> passed to gpg-agent or are the two entirely separate?
>
> No, it won't.  The gpg-agent has its own --homedir option which allows one to
> have a flexible configuration.  By design the gpg-agent may even be running
> on a different box.  However that is currently not supported.
>
>> I ask because at the moment it is possible to keep separate keyrings
>> in different home directories, which might be useful to (for example)
>> keep the large debian keyrings separate from personal keys, or to keep
>> a set of keys for testing purposes separate from production keys.
>
> gpg --homedir is still used for the public keyrings.

Dear Werner,

It would be very good if there were still a way to completely 'sandbox' (for
want of a better term) an instance of gpg, so that it uses its own key
rings and trust databases.  I certainly find that for testing purposes it
is very useful indeed.  On previous versions --homedir does this nicely.

I presume the new way will be to make sure that a separate copy of
gpg-agent is running and to pass in GPG_AGENT_INFO as an environment
variable, as well as specifying a --homedir.

Or will there be a better way?

Best wishes,

Nicholas


Re: GnuPG 2.1 beta 3 released

2011-12-23 Thread Werner Koch
On Fri, 23 Dec 2011 19:29, nicholas.c...@gmail.com said:

> How will this interact with the --homedir option?  Will --homedir be
> passed to gpg-agent or are the two entirely separate?

No, it won't.  The gpg-agent has its own --homedir option which allows one to
have a flexible configuration.  By design the gpg-agent may even be running
on a different box.  However that is currently not supported.

> I ask because at the moment it is possible to keep separate keyrings
> in different home directories, which might be useful to (for example)
> keep the large debian keyrings separate from personal keys, or to keep
> a set of keys for testing purposes separate from production keys.

gpg --homedir is still used for the public keyrings.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 2.1 beta 3 released

2011-12-23 Thread Nicholas Cole
>  * GPG does not anymore use secring.gpg but delegates all secret key
>   operations to gpg-agent.  The import command moves secret keys to
>   the agent.

How will this interact with the --homedir option?  Will --homedir be
passed to gpg-agent or are the two entirely separate?

I ask because at the moment it is possible to keep separate keyrings
in different home directories, which might be useful to (for example)
keep the large debian keyrings separate from personal keys, or to keep
a set of keys for testing purposes separate from production keys.

Best wishes,

Nicholas



Re: GnuPG 2.1 beta 3 released

2011-12-21 Thread Aaron Toponce
On Tue, Dec 20, 2011 at 05:26:49PM +0100, Werner Koch wrote:
> Noteworthy changes already found in beta2:
>
>  * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.

Eager for this. Will we be seeing ECC support in 1.4.x?

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o




Re: GnuPG 2.1 beta 3 released

2011-12-21 Thread Werner Koch
On Tue, 20 Dec 2011 19:24, nicholas.c...@gmail.com said:

> I see that the man page still refers to the option --secret-keyring.
> Presumably this option now does nothing?

Right, it is a NOP.  It is still there so you are able to use the same
gpg.conf for all versions of GnuPG.  I will fix the documentation.

> Very exciting to see the new release!

I did it mainly to tell that 2.1 development is still alive and also to
remind me about 14 years of GnuPG.  More seriously this will be the last
beta which uses Pth - we need to switch over to nPth[1].  This new
library will need some time to build and work correctly on non-GNU/Linux
systems.


Salam-Shalom,

   Werner


[1] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=npth.git

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: GnuPG 2.1 beta 3 released

2011-12-20 Thread Nicholas Cole
On Tue, Dec 20, 2011 at 4:26 PM, Werner Koch  wrote:

>  * GPG does not anymore use secring.gpg but delegates all secret key
>   operations to gpg-agent.  The import command moves secret keys to
>   the agent.
>
>  * The OpenPGP import command is now able to merge secret keys.

I see that the man page still refers to the option --secret-keyring.
Presumably this option now does nothing?

Very exciting to see the new release!

N



GnuPG 2.1 beta 3 released

2011-12-20 Thread Werner Koch
Hello!

We just released the third *beta version* of GnuPG 2.1.  It has been
released to give you the opportunity to check out the new features.

It is marked as a beta version and the plan is to release a couple more
betas in the next months before we can declare 2.1.0 stable enough for
general use.  If you need a stable and fully maintained version of
GnuPG, you should in general use 2.0.x or even the old 1.4.x.


Noteworthy changes in version 2.1.0beta3


 * Fixed regression in GPG's secret key export function.

 * Allow generation of card keys up to 4096 bit.

 * Support the SSH confirm flag.

 * The Assuan commands KILLAGENT and KILLSCD are working again.

 * SCdaemon does not anymore block after changing a card (regression
   fix).

 * gpg-connect-agent does now properly display the help output for
   "SCD HELP" commands.

 * Preliminary support for the GPGSM validation model "steed".

 * Improved certificate creation in GPGSM.

 * New option for GPG_AGENT to select a passphrase mode.  The loopback
   mode may be used to bypass Pinentry.


Noteworthy changes already found in beta2:

 * ECC support for GPG as described by draft-jivsov-openpgp-ecc-06.txt.

 * New GPGSM feature to create certificates from a parameter file.
   Add prompt to the --gen-key UI to create self-signed certificates.

 * Dirmngr has taken over the function of the keyserver helpers.  Thus
   we now have a specified direct interface to keyservers via Dirmngr.
   LDAP, DNS and mail backends are not yet implemented.

 * TMPDIR is now also honored when creating a socket using
   --no-standard-socket and with symcryptrun's temp files.

 * Fixed a bug where SCdaemon sends a signal to Gpg-agent running in
   non-daemon mode.

 * Print "AES128" instead of "AES".  This change introduces a little
   incompatibility for tools using "gpg --list-config".  We hope that
   these tools are written robust enough to accept this new algorithm
   name as well.

 * Fixed CRL loading under W32 (bug#1010).

 * Fixed TTY management for pinentries and session variable update
   problem.


Noteworthy changes already found in beta1:

 * GPG does not anymore use secring.gpg but delegates all secret key
   operations to gpg-agent.  The import command moves secret keys to
   the agent.

 * The OpenPGP import command is now able to merge secret keys.

 * The G13 tool for disk encryption key management has been added.

 * If the agent's --use-standard-socket option is active, all tools
   try to start and daemonize the agent on the fly.  In the past this
   was only supported on W32; on non-W32 systems the new configure
   option --disable-standard-socket may now be used to disable this
   new default.

 * Dirmngr is now a part of this package.  Dirmngr is now also
   expected to run as a system service and the configuration
   directories are changed to the GnuPG name space.

 * Removed GPG options:
    --export-options: export-secret-subkey-passwd
    --simple-sk-checksum

 * New GPG options:
    --try-secret-key
 * Support DNS lookups for SRV, PKA and CERT on W32.

 * The default for --include-cert is now to include all certificates
   in the chain except for the root certificate.

 * Numerical values may now be used as an alternative to the
   debug-level keywords.

 * New GPGSM option --ignore-cert-extension.

 * Support for Windows CE.

 * Given sufficient permissions Dirmngr is started automagically.

 * Bug fixes.


Migration from 1.4 or 2.0 to this version
=========================================

The major change in 2.1 is that gpg-agent now takes care of the
OpenPGP secret keys (those managed by GPG).  The former secring.gpg
will not be used anymore.  Newly generated keys are generated and
stored in the agent's key store (~/.gnupg/private-keys-v1.d/).  To
migrate your existing keys to the agent you should run this command

  gpg2 --import ~/.gnupg/secring.gpg

The agent will ask you for the passphrase of each key.  You may use
the Cancel button of the Pinentry to skip importing this key.  If you
want to stop the import process and you use one of the latest
pinentries, you should close the pinentry window instead of hitting
the cancel button.  Secret keys already imported are skipped by the
import command.  It is advisable to keep the secring.gpg for use with
older versions of GPG.

Note that gpg-agent now uses a fixed socket by default.  All tools
will start the gpg-agent as needed.  In general there is no more need
to set the GPG_AGENT_INFO environment variable.  The SSH_AUTH_SOCK
environment variable should be set to a fixed value.

GPG's smartcard commands --card-edit and --card-status as well as the
card related sub-commands of --edit-key are not yet supported.
However, signing and decryption with a smartcard does work.

The Dirmngr is now part of GnuPG proper.  Thus there is no more need
to install the separate dirmngr package.  The directory layout of
Dirmngr changed to make use of the GnuPG direct